Monday, 19 January 2015

Android Jelly Bean - "Expert Warns Of Default Android Browser"

An American security expert has nearly a billion users with Android Jelly Bean or an older version of the mobile operating system works warned to stop using the standard supplied browser and other browsers to switch.

The reason is that vulnerabilities in the WebView component of the AOSP (Android Open Source Project) -Browser not be patched by Google. Monday warned Todd Beardsley security company Rapid7 that no new updates come out more WebView. WebView is an important part of Android for displaying web pages. It is a separate browser window that developers can use their apps and allows to websites and pages within the screen layout of the application again.

In the latest versions of Android WebView is no longer used, but 60% of Android users is still a version where this is the case. It may therefore be years before WebView is gone everywhere and all the time users run risk, notes Beardsley. "If I were an attacker and had to choose an Android component to attack, it would be WebView. WebView is a component that is used in almost all ad-supported libraries, as well as when you are in any web app not rendering" Open link in browser "click."

The expert is therefore surprised that Google still deliver more updates for example, the audio player in older Android versions, but WebView a miss. Since Chrome, Firefox and other browsers no WebView This is an important security measure notes Beardsley. "If your default browser on AOSP Jelly Bean or earlier, then stop." The same advice applies to users who use the older browser their telecom provider. However, the vulnerable component also appears to affect all kinds of apps and ad networks, as suggested anti-virus company Trend Micro fixed earlier.

No comments:

Post a Comment