Norton Mobile Security Discloses Potentially Sensitive Information to Other Applications
|
|
SecurityTracker Alert ID: 1024739 |
|
SecurityTracker URL: http://securitytracker.com/id/1024739
|
|
CVE Reference:
CVE-2010-0113
(Links to External Site)
|
Date: Nov 15 2010
|
Impact:
Disclosure of authentication information, Disclosure of system information, Disclosure of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 1.0 Beta
|
Description:
A vulnerability was reported in Norton Mobile Security Beta for Android. A remote user may be able to obtain potentially sensitive information in certain cases.
A remote user can create a specially crafted application that, when loaded and executed by the target user, will access potentially sensitive information from the Norton Mobile Security Beta for Android log files. This may include the target user's wipe/lock credentials.
Tim Wyatt with Lookout Mobile Security reported this vulnerability.
|
Impact:
A remote user may be able to obtain potentially sensitive information in certain cases.
|
Solution:
The vendor has issued a fix (1.5 Beta).
The vendor's advisory is available at:
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101111_00
|
Vendor URL: www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101111_00 (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Android
|
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 15 Nov 2010 18:39:38 +0000
Subject: Norton Mobile Security Beta for Android
|
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101111_00
CVE-2010-0113
|
|
