Summary: com.twitter.android.lite.TwitterLiteActivity was set to exported, data passed to intent was not validated and its web view has JSInterface that available to any URL which was loaded through this activity as well as insecure schemes like file, javascript was available through intent.
Continue reading “Twitter Android Javascript Interface Vulnerability”