Lucene search
Hackapp.orgHACKAPP:COM.WAPP.STICKERS.APKHistoryMar 31, 2016 - 10:27 p.m.
Stickers Smileys for WhatsApp - Dangerous filesystem permissions, Dynamic Code Loading, External URLs vulnerabilities
2016-03-3122:27:14
Hackapp.org
hackapp.com
9
HackApp vulnerability scanner discovered that application Stickers Smileys for WhatsApp published at the βplayβ market has multiple vulnerabilities.
Name
Stickers Smileys for WhatsAppVendor
eseteiLink
COM.WAPP.STICKERS.APKStore
playVersion
3.2- CRITICAL
- Dangerous filesystem permissions
Files created with these methods could be worldwide readable.
- MEDIUM
- WebView JavaScript enabled
WebView 'setJavaScriptEnabled(true)' could be exploited during cross-site scripting attacks.
- WebView files access
Control of WebView context allows to access local files.
- Dynamic Code Loading
Code for 'DexClassLoader' could be tampered.
- SD-card access
SD-cards and other external storages have 'worldwide read' policy.
- NOTICE
- External URLs
Were do they point?
- Unsafe deleting
All items deleted with 'file.delete()' could be recovered.
| CPE | Name | Operator | Version |
|---|---|---|---|
| stickers smileys for whatsapp | le | 3.2 |