Remote Code Execution Vulnerability in Adobe PhoneGap on Android
CVE-2014-1883

Currently unrated

Key Information:

Vendor

Adobe
Status
Phonegap
Vendor
CVE Published:
3 March 2014

What is CVE-2014-1883?

Adobe PhoneGap prior to version 2.6.0 on Android is vulnerable to a remote code execution flaw stemming from its improper use of the shouldOverrideUrlLoading callback instead of the expected shouldInterceptRequest callback. This oversight can be exploited by remote attackers, allowing them to bypass intended restrictions on device resources. The vulnerability can be triggered through content loaded in IFRAME elements or via XMLHttpRequest methods initiated by malicious applications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf
x_refsource_MISC
http://www.internetsociety.org/ndss2014/programme#session3
x_refsource_MISC
http://seclists.org/bugtraq/2014/Jan/96
mailing-listx_refsource_BUGTRAQ

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.