Lucene search
Hackapp.orgHACKAPP:COM.SHAREITAGAIN.MYMOODSMILEY.APKHistoryApr 01, 2016 - 9:25 a.m.
What'Smileys: smileys for chat - Dangerous filesystem permissions, WebView code execution vulnerabilities
2016-04-0109:25:37
Hackapp.org
hackapp.com
7
HackApp vulnerability scanner discovered that application WhatβSmileys: smileys for chat published at the βplayβ market has multiple vulnerabilities.
Name
What'Smileys: smileys for chatVendor
Share It AgainLink
COM.SHAREITAGAIN.MYMOODSMILEY.APKStore
playVersion
2.37- MEDIUM
- WebView files access
Control of WebView context allows to access local files.
- Dynamic Code Loading
Code for 'DexClassLoader' could be tampered.
- WebView JavaScript enabled
WebView 'setJavaScriptEnabled(true)' could be exploited during cross-site scripting attacks.
- SD-card access
SD-cards and other external storages have 'worldwide read' policy.
- CRITICAL
- WebView code execution
WebView 'addJavascriptInterface' could be used to control the host app with JavaScript bindings. Remote Code Execution (RCE) is possible.
- Dangerous filesystem permissions
Files created with these methods could be worldwide readable.
- NOTICE
- Suspicious files
Are you sure these files should be here?
- Unsafe deleting
All items deleted with 'file.delete()' could be recovered.
- External URLs
Were do they point?
| CPE | Name | Operator | Version |
|---|---|---|---|
| what'smileys: smileys for chat | le | 2.37 |