Android WebView Vulnerability (Android 4.1 or older) - Hacker can install malicious software, send SMSs by javascript code.

Android WebView Vulnerability  - Android 4.1 or older

AVG Security expert reported a critical vulnerability in Android's WebView feature that allows an attacker to install malicious software, send SMSs and performing more tasks.
Android WebView - A View that displays web pages, allows the user to view a web page as a part of an ordinary Android application.The WebView class is an extension of Android’s View class that allows you to display web pages as a part of the appication’s screen layout. It uses the WebKit rendering engine to display web pages and includes methods to navigate forward and backward through a history, zoom in and out, perform text searches etc. . It does not include any features of a fully developed web browser.if the web page you plan to load in your WebView uses JavaScript, you must enable JavaScript for your WebView.Once JavaScript is enabled, you can create interfaces between your application code and your JavaScript code.

addJavascriptInterface (Object object, String name) method

  The addJavascriptInterface method injects a supplied Java object into WebView. The object is injected into the JavaScript context of the main frame, using a supplied name and this allows the Java object’s methods to be accessed from JavaScript. For applications running Android 4.1 or older, all public methods (including the inherited ones) can be accessed, so when a user’s installed application with addJavascriptInterface method loads an external webpage it can use WebView and javascript to call a java object (like a ‘Javascript pipeline’ and usage of reflection to invoke any other unregistered Java class) which allows attackers to call Android’s Java methods.

 The fix: 

 For applications running Android 4.2 all public methods that are annotated with JavascriptInterface can be accessed from JavaScript. So if you develop an application for SDK version 17 or higher, you must add the @JavascriptInterface annotation to any method that you want available to your JavaScript. If you do not provide the annotation, the method is not accessible by your web page when running on Android 4.2 or higher. What you should do? As developers you should not assign unsafe functions. As users you should try not to download suspicious mobile applications from third party markets and avoid clicking on suspicious links coming from strangers.

 Infection method:

 Users can be infected when they click on a URL link using a vulnerable application that allows opening a Java enabled browser or web page. The device will automatically perform the malicious actions that were ordered in the malicious web page that contain those JavaScript commands. The commands in the JavaScript code can enable attackers to install malicious software, send SMSs, steal personal information and more.

courtesy avg blog

Read More

The iPhone 5s with fingerprint sensor at $199 ,coming September 20th

iPhone 5S -News and features

iPhone 5s is the most forward-thinking smartphone in the world, delivering desktop class architecture in the palm of your hand,” said Philip Schiller, Apple’s senior vice president of Worldwide Marketing.
Apple today announced the iPhone 5s, its latest smartphone. It runs iOS 7, with Touch ID™, an innovative way to simply and securely unlock your phone with just the touch of a finger, and looks almost exactly same as the iPhone 5 ,comes with different colors silver, space gray, and gold .

Apple iPhone 5s price and  specifications 

Price 

• 16GB -  $199 
•  32GB - $299
•  64GB  - $399 

Specifications

• A7 chip with 64-bit architecture
• M7 motion coprocessor
• Fingerprint identity sensor built into the Home button
• Retina display
• 4-inch (diagonal) widescreen
• 8 megapixels with 1.5µ pixels (ƒ/2.2 aperture ,Autofocus ,Tap to focus ,Five-element lens)
• 1080p HD video recording , improved video stabilization, Face Time -1.2MP photos (1280 by 960) 720p HD video recording Backside illumination sensor
• Talk time: Up to 10 hours on 3G
• Three-axis gyro Accelerometer , Proximity sensor , Ambient light sensor, Fingerprint identity sensor
• Nano-SIM iPhone 5s is not compatible with existing micro-SIM cards.
• Talk time: Up to 10 hours on 3G

Read More

iPhone 5c - For the colorful -available on September 20th for $99

  iPhone 5C -Available on September 20th for $99

 

Apple  introduce its latest smartphone today at a special event in Cupertino . iPhone 5C comes with green, white, blue, pink, and yellow colors With an all-new design, The back and sides of the device are made from a single part, "this is iPhone as you’ve never seen it — or held it. iPhone 5c is beautifully, unapologetically plastic, the better to bring its five decidedly uncommon colors to life. Beneath the smooth surface of the seamless outer shell, a steel-reinforced frame provides structural integrity. So iPhone 5c feels reassuringly solid in your hand." - Apple.
Apple has also created custom cases , soft-feel silicon rubber that slip onto the handset. priced at $29

Learn more about the features of iPhone 5s

•  4-inch Retina display
• A6 processor.
• iOS 7
•  8-megapixel rear camera
•  improved FaceTime HD camera at the front 
• The 5c also includes support for "more LTE bands that any other smartphone in the world," (this particular iPhone will launch broadly around the world). 

Price Of iPhone 5C

1. 16GB model - $99,
2. 32GB version is priced at $199.

Order the iPhone 5c

Apple will start taking pre-orders for the iPhone 5c on September 13th, and the device will be available in the

• US
•  Australia
•  Canada
•  China
• France
• Germany
• Japan
• Singapore
•  UK on September 20th.

 

Read More