Summary: com.twitter.android.lite.TwitterLiteActivity was exported, the data passed to it through the intent was not validated, and its WebView has a JSInterface that was available to any URL loaded through this activity. Insecure schemes such as file and javascript were also accepted through the intent.
Continue reading “Twitter Android Javascript Interface Vulnerability”
Whatsapp IP address disclosure with Link Preview feature
Simple PHP code could disclose a WhatsApp user's IP address and app version and save the disclosed information to the attacker's server.
From NA to $3000 : Facebook’s URL spoofing vulnerability
Summary: This could have let a malicious user spoof the URL bar of multiple Facebook Android apps by navigating to a different domain on the original tab after a new tab had been opened using the setInterval method.