Microsoft Bing application 4.2 remote install APK *youtube

2014.01.25
Credit: trustlook
Risk: High
Local: Yes
Remote: No
CVE: CVE-2014-1670
CWE: CWE-94


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Hackers can pwn your Android in 10 seconds, if you use Bing App in Starbucks Trustlook has reported the vulnerability to Microsoft Security 10 days ago, and closely working with Microsoft to get this fixed. The Bing team has fixed this vulnerability in version 4.2.1 which released on Jan 21, 2013. BTW, Microsoft is not the only vendor that affected by this vulnerability. There are hundreds of vulnerable apps we have found on the play store. The total affected user could reach a billion (http://blog.trustlook.com/2014/01/09/2-years-old-android-vulnerability-still-affecting-billion-users/). We are still working with more vendors to fix this problem. Read More: http://blog.trustlook.com/2014/01/23/trustlook-reported-microsofts-first-ever-android-vulnerability/ YOUTUBE: http://www.youtube.com/watch?v=_j1RKtTxZ3k

References:

https://play.google.com/store/apps/details?id=com.microsoft.bing
http://www.youtube.com/watch?v=_j1RKtTxZ3k
http://www.securityfocus.com/bid/65128
http://blog.trustlook.com/2014/01/23/trustlook-reported-microsofts-first-ever-android-vulnerability/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top