JVN#19948778: Photon vulnerable to URL whitelist bypass

Photon provided by Newphoria Corporation Inc. is an application for Android built using “applican”. Photon contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme.

Impact

Android version of this app may allow an applican API to be executed if that API has been granted permission in the android manifest.

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

Products Affected

• Photon for Android versions 1.1 and earlier