Cordova is vulnerable to the bypass of intended device-resource restrictions. Leveraging on an event-based bridge, a library clone, and an IFRAME script execution, a remote attacker is able to directly access bridge JavaScript objects as demonstrated by certain cordova.require calls.
openwall.com/lists/oss-security/2014/02/07/9
packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt
seclists.org/bugtraq/2014/Jan/96
www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf
www.internetsociety.org/ndss2014/programme#session3
github.com/apache/cordova-ios/compare/7452c68c73d89285d51b06839dce1dfac8850004...d6fd0afdc430db947e257c0e80a8fcae2bee55bd
github.com/georgiev-martin/NoFrak/commit/df5cdc79766b6fa4ba78497532641ba1a5000812