Microsoft Bing application 4.2 remote install APK *youtube

2014.01.25
Credit: trustlook
Risk: High
Local: Yes
Remote: No
CVE: CVE-2014-1670
CWE: CWE-94


Ogólna skala CVSS: 6.8/10
Znaczenie: 6.4/10
Łatwość wykorzystania: 8.6/10
Wymagany dostęp: Zdalny
Złożoność ataku: Średnia
Autoryzacja: Nie wymagana
Wpływ na poufność: Częściowy
Wpływ na integralność: Częściowy
Wpływ na dostępność: Częściowy

Hackers can pwn your Android in 10 seconds, if you use Bing App in Starbucks Trustlook has reported the vulnerability to Microsoft Security 10 days ago, and closely working with Microsoft to get this fixed. The Bing team has fixed this vulnerability in version 4.2.1 which released on Jan 21, 2013. BTW, Microsoft is not the only vendor that affected by this vulnerability. There are hundreds of vulnerable apps we have found on the play store. The total affected user could reach a billion (http://blog.trustlook.com/2014/01/09/2-years-old-android-vulnerability-still-affecting-billion-users/). We are still working with more vendors to fix this problem. Read More: http://blog.trustlook.com/2014/01/23/trustlook-reported-microsofts-first-ever-android-vulnerability/ YOUTUBE: http://www.youtube.com/watch?v=_j1RKtTxZ3k

Referencje:

https://play.google.com/store/apps/details?id=com.microsoft.bing
http://www.youtube.com/watch?v=_j1RKtTxZ3k
http://www.securityfocus.com/bid/65128
http://blog.trustlook.com/2014/01/23/trustlook-reported-microsofts-first-ever-android-vulnerability/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top