Major Android Bug is a Privacy Disaster
The vulnerability allows to intercept the current session cookies and gain complete control over the user’s session.
In the Metasploit (popular among security researchers a set of tools for penetration testing), appeared a new module that allows to exploit a dangerous vulnerability in a 75% of all smartphones based on Android operating system. The flaw makes it possible to intercept web-pages which viewed victim. It is reported by The Register.
We are talking about the vulnerability CVE-2014-6041, affecting the Android 4.2.1 (and earlier versions). To discover its managed 1 September, according to researcher Tod Beardsley (a developer for the Metasploit security toolkit), who called the flaw a “privacy disaster”. (more…)