Recently, a security vulnerability found in Google Glass allows attackers to easily execute arbitrary code. In fact, this vulnerability can be traced back to the JavaScript API errors found by security researchers in the Android 4.1 System in the second half of last year. This function is "addJavascriptInterface ()" and is designed to allow developers to access Java code generation through a limited range of JavaScript code. However, due to bugs, you only need to create a WebView to run the code, attackers can access corrupted JavaScript Functions.
In short, this vulnerability is used to obtain the highest JavaScript permission.
Google also admitted this vulnerability in Android 4.1, indicating that attackers could manipulate host applications in unexpected ways and execute Java code at will. In a recent test by the open-source security vulnerability detection tool Metasploit, it was found that this vulnerability still exists in the latest Google Glasses XE12 software version.
This vulnerability has a huge impact on Google Glass because many free Android apps use WebView to load HTML content (such as developer websites, instructions, and advertisements ), if attackers can modify HTML content through malicious JavaScript code, it will cause significant losses to website operators and users.
Apparently, this is a security risk of Google glasses, but Google has not issued a statement, and we hope the vulnerability can be repaired as soon as possible.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
