Right at the start of September, security researcher Rafay Baloch released details on an Android bug that has now been called a “privacy disaster”.

That apparently hyperbolic statement doesn’t look too far wide of the mark, given anyone not running the latest release, Android 4.4, is affected. That means as many as 75 per cent of Android devices and millions of users could be open to attack, according to Google’s own stats, though not all are likely to be using the affected Android Open Source Platform (AOSP) Browser.

The nature of the bug has worried onlookers too. The flaw could allow a bypass of the Same Origin Policy (SOP) protection used by most modern browsers. Crucially, the SOP protection stops malicious code from spilling over from one site to others open on separate tabs.

Read the Full Article: Source – Forbes
http://www.forbes.com/sites/thomasbrewster/2014/09/16/widespread-android-vulnerability-a-privacy-disaster-claim-researchers/

source not found