E-Z-2-Use attack code making use of old Android Vulnerability

The attack code exploiting the WebView programming interface vulnerability in the Android operating system has been added as a module to the open-source Vulnerability exploitation framework Metasploit. The vulnerability affects versions earlier than Android 4.2. Google fixed the vulnerability in Android 4.2. However, according to official statistics, more than five users still use the old version with the vulnerability. WebView vulnerabilities allow attackers to inject malicious JavaScript code into Android browsers and other applications to obtain the same access permissions as the target program. Attackers can enable a shell window to access the victim's file system and camera, location data, SD card data, and address book. Vulnerabilities can also be triggered by man-in-the-middle attacks on insecure networks. The vulnerability exists in the Android system, rather than the private GMS application platform. The vulnerability can be corrected only when the system is updated. Security researcher Todd Beardsley hopes that disclosure of attack code will force suppliers to upgrade their systems as soon as possible.