Apache Cordova For Android Security Restriction Bypass Vulnerability (CVE-2014-3500)

Apache Cordova For Android Security Restriction Bypass Vulnerability (CVE-2014-3500)

Release date:
Updated on:

Affected Systems:
Apache Group Cordova <3.5.0
Description:
--------------------------------------------------------------------------------
Bugtraq id: 69038
CVE (CAN) ID: CVE-2014-3500
 
Apache Cordova is a platform for building local mobile applications using HTML, CSS, and JavaScript.
 
Android applications built using Apache Cordova for Android 3.5.0 and other versions can be started with a special URL. The start page is different from the one designed by developers. There is a cross-application scripting vulnerability in implementation, attackers can exploit this vulnerability to bypass certain security restrictions and perform unauthorized operations.
 
<* Source: David Kaplan
Roee Hay

Link: http://cordova.apache.org/announcements/2014/08/04/android-351.html
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
 
Http://cordova.apache.org/
Http://cordova.apache.org/announcements/2014/08/04/android-351.html

This article permanently updates the link address: