Release date: 2011-08-02
Updated on: 2011-08-02
Affected Systems:
Android Open Handset Alliance Android 3.x
Description:
--------------------------------------------------------------------------------
Cve id: CVE-2011-2357
Android is a project launched by Google through Open Handset Alliance. It is used to provide a complete set of software for mobile devices, including operating systems and middleware.
Android browsers have security problems in implementing sandbox verification. Remote attackers can exploit this vulnerability to bypass sandbox authentication and inject and execute script code in any domain.
This vulnerability is caused by an error in the Android browser when loading the URL. Successful exploitation requires installation and use of malicious applications.
<* Source: Roee Hay
Yair Amit (AMITYAIR@il.ibm.com)
Link: http://secunia.com/advisories/45457/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Android
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.openhandsetalliance.com/android_overview.html