Remote Code Execution Vulnerability in Apache Cordova and Adobe PhoneGap
CVE-2014-1882

Currently unrated

Key Information:

Vendor: Adobe
Status: Phonegap
Vendor: CVE Published:; 3 March 2014

Summary

Apache Cordova versions 3.3.0 and earlier, along with Adobe PhoneGap versions 2.9.0 and earlier, contain a vulnerability that allows remote attackers to bypass security measures intended to restrict access to device resources. This occurs through a crafted library clone that exploits IFRAME script execution, enabling direct access to bridge JavaScript objects. Exploitation of this weakness could permit unauthorized manipulation of the underlying device functionalities through specific calls, potentially leading to severe consequences for user data and device integrity.

References

http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf

x_refsource_MISC

http://www.internetsociety.org/ndss2014/programme#session3

x_refsource_MISC

http://seclists.org/bugtraq/2014/Jan/96

mailing-listx_refsource_BUGTRAQ

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 3, 2014
Vulnerability Reserved
Feb 7, 2014