UC Browser is the presence of man in the middle attacks(MITM)vulnerability that could impact more than a billion devices-vulnerability warning-the black bar safety net

ID MYHACK58:62201993401
Type myhack58
Reporter 佚名
Modified 2019-03-29T00:00:00


Researchers find UC Browser in the presence of a vulnerable functional block can be exploited by attackers to perform MiTM attacks. Because the UC Browser using the HTTP Protocol to communicate with the server, the transmission information is not encrypted, so the would be attacker hook request from the application, and the command and the link replaced with a malicious address, result from UC Browser download module, downloaded from a malicious server. And UC the browser itself using unsigned plugins, so there is no any verification it is possible to start the malicious module. An attacker can use this mechanism, use UC Browser distribute, perform different malicious plug-ins, and even use Trojans to access the protected browser file and steal stored in the program directory in the password. The UC Browser has more than a billion downloads, the related devices may be exposed to the risk