Lucene search

K
hackappHackapp.orgHACKAPP:ORG.SATOK.GWEATHER.APK
HistoryApr 01, 2016 - 9:35 a.m.

World Weather Clock Widget - AWS Credentials, Dangerous filesystem permissions vulnerabilities

2016-04-0109:35:55
Hackapp.org
hackapp.com
6

HackApp vulnerability scanner discovered that application World Weather Clock Widget published at the β€˜play’ market has multiple vulnerabilities.

Name

World Weather Clock Widget

Vendor

satok

Link

ORG.SATOK.GWEATHER.APK

Store

play

Version

6.043
  • NOTICE
  • External URLs

    Were do they point?

  • Suspicious files

    Are you sure these files should be here?

  • Unsafe deleting

    All items deleted with 'file.delete()' could be recovered.

  • MEDIUM
  • SD-card access

    SD-cards and other external storages have 'worldwide read' policy.

  • Exported components

    Other applications could access the interfaces.

  • WebView files access

    Control of WebView context allows to access local files.

  • WebView JavaScript enabled

    WebView 'setJavaScriptEnabled(true)' could be exploited during cross-site scripting attacks.

  • CRITICAL
  • Dangerous filesystem permissions

    Files created with these methods could be worldwide readable.

  • AWS Credentials

    Everyone can use it to access your resources.

CPENameOperatorVersion
world weather clock widgetle6.043