SecurityTracker.com
Category:   Device (VoIP/Phone/FAX)  >   Google Android
Vendors:   Google
Google Android Lets Remote Users Obtain SD Card Contents
SecurityTracker Alert ID:  1024783
SecurityTracker URL:  http://securitytracker.com/id/1024783
CVE Reference:   CVE-2010-4804
Updated:  Jun 14 2011
Original Entry Date:  Nov 24 2010
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 2.3.4
Description:   A vulnerability was reported in Google Android. A remote user can obtain the contents of the SD card.

A remote user can create specially crafted HTML that, when loaded by the target user, will download a file to the target user's device and automatically execute the file in the local context to gain read access to files on the SD card.

The original advisory is available at:

http://thomascannon.net/blog/2010/11/android-data-stealing-vulnerability/

Thomas Cannon reported this vulnerability.

Impact:   A remote user can access files on the target user's SD card.
Solution:   The vendor has issued a fix (2.3.4).

A fix for open source Android is available at:

http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;a=commit;h=604a598e1e01bda781600a45e0a971898a582666
http://android.git.kernel.org/?p=platform/frameworks/base.git;a=commit;h=f440831d76817e837164ca18c7705e81d2391f87

Vendor URL:  www.google.com/
Cause:   Access control error

Message History:   None.



Copyright 2020, SecurityGlobal.net LLC