AirDroid security flaw allows hackers to perform DoS attacks from your Android device.


AirDroid, a free app that provides wireless management of your Android phone or tablet from any browser on the same Wi-Fi network, has a dangerous cross-site scripting (XSS) vulnerability that allows hackers to perform a DoS attack from your Android device.

The cross-site scripting (XSS) vulnerability in the browser version of AirDroid allows an attacker to send a malicious text message to the browser associated with the account when the attacker is able to get access to a phone with AirDroid installed.

According to the Department of Homeland Security’s Vulnerability Notes Database,
“When this message is viewed on the AirDroid web interface an attacker can initiate a cross-site scripting attack, which may result in information leakage, privilege escalation, and denial of service on the host computer.

There is no patch at this time for this vulnerability. As a general good security practice, only allow connections from trusted hosts and networks. Note that restricting access does not prevent XSS, CSRF, or SQLi attacks since the attack comes as an HTTP request from a legitimate user’s host. But restricting access would prevent an attacker from accessing the AirDroid web interface using stolen credentials from a blocked network location.”
