Major Browser Vulnerability Reported for Android, BlackBerry, iOS


While we may think of the web browsers that accompany the major smartphone operating systems as wholly distinct entities, many of them share common elements. At the heart of mobile Safari, the Android browser, and RIM’s browser for the PlayBook is some code known as WebKit. Browsers heavily rely on WebKit to handle page layout when rendering content to the screen. Unfortunately, that may mean that an unusually large fraction of smartphones are vulnerable to a newly-discovered exploit.

The news comes courtesy of security firm CrowdStrike, which intends to make a presentation on the vulnerability at the RSA Conference tomorrow. For the moment, at least, details on the attack aren’t yet available, so all we have to go on are CrowdStrike’s descriptions of what’s possible.

From the sound of it, this WebKit exploit allows for remote code execution on systems with vulnerable browsers; simply clicking the wrong link on a malicious site should be enough to infect you. Of course, you still need a payload to go along with your infection vector, and CrowdStrike reports success adapting existing Android malware to be spreadable via this method.

This all sounds very scary, but we’d recommend holding-off on full-blown panic until details on the attack are explained. For all we know, there may be factors at play that limit the possible effects of the exploit, or make it difficult to deploy. Until we know more, just think twice before clicking any suspicious links.


Via: WMPoweruser

Share This Post
What's your reaction?
Love It
Like It
Want It
Had It
Hated It
About The Author
Stephen Schenck
Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen's first mobile device was a 624 MHz Dell Axim X30, which he's convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he's not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bits Read more about Stephen Schenck!