The reason is that vulnerabilities in the WebView component of the AOSP (Android Open Source Project) -Browser not be patched by Google. Monday warned Todd Beardsley security company Rapid7 that no new updates come out more WebView. WebView is an important part of Android for displaying web pages. It is a separate browser window that developers can use their apps and allows to websites and pages within the screen layout of the application again.
In the latest versions of Android WebView is no longer used, but 60% of Android users is still a version where this is the case. It may therefore be years before WebView is gone everywhere and all the time users run risk, notes Beardsley. "If I were an attacker and had to choose an Android component to attack, it would be WebView. WebView is a component that is used in almost all ad-supported libraries, as well as when you are in any web app not rendering" Open link in browser "click."
The expert is therefore surprised that Google still deliver more updates for example, the audio player in older Android versions, but WebView a miss. Since Chrome, Firefox and other browsers no WebView This is an important security measure notes Beardsley. "If your default browser on AOSP Jelly Bean or earlier, then stop." The same advice applies to users who use the older browser their telecom provider. However, the vulnerable component also appears to affect all kinds of apps and ad networks, as suggested anti-virus company Trend Micro fixed earlier.
No comments:
Post a Comment