Categories
Google Play

Google fixes XSS security hole in web Android market

Advertisements

Google has fixed a cross site scripting security hole in web-based Android store. The security hole allowed attackers to install apps on Android devices without the user’s consent – and without requiring physical access to the device.

The exploit was fixed after Android security specialist Jon Oberheide reported this to Google. According to him, it was possible to remotely install arbitrary applications with arbitrary permissions onto a victim’s phone simply by tricking them into clicking a malicious link (either on their desktop OR phone).  The exploit works universally across all Android devices, versions, and architectures.

Well the security hole is fixed now, so no need to worry.

Via Jon

By Gaurav Shukla

Gaurav Shukla is a journalist with over 12 years of experience covering the consumer technology space. He started his career with a self-published Android blog and has since worked with Microsoft's MSN.com, XDA Developers, How-to Geek, and NDTV Gadgets 360.

Leave a ReplyCancel reply

Discover more from AndroidOS.in

Subscribe now to keep reading and get access to the full archive.

Continue reading

Exit mobile version