Security protects everything we have, and flaws in it come in many forms. Such flaws cannot be ignored, since they can cause serious problems. We need to stay ready and up to date for new ones.
A critical vulnerability has been discovered in the browser app that comes pre-installed on a vast number of Samsung Android devices. It could allow an attacker to steal data from web browser tabs if a user visits an attacker-controlled site.
Identified as CVE-2017-17692, the vulnerability is a Same Origin Policy (SOP) bypass issue that resides in the popular Samsung Internet Browser version 5.4.02.3 and earlier.
The SOP bypass vulnerability in the Samsung Internet Browser, uncovered by Dhiraj Mishra, could allow a malicious website to steal data, such as passwords or cookies, from the sites opened by the victim in various tabs.
Attackers can even snag a copy of your session cookie, or hijack your session and read and write web mail on your behalf.
Mishra reported the vulnerability to Samsung, and the company replied that “the patch is already preloaded in our upcoming model Galaxy Note 8, and the application will be updated via Apps store update in October.”
Meanwhile, Mishra, with the help of Tod Jeffrey and Beardsley Martin from the Rapid7 team, released an exploit for the Metasploit Framework. Rapid7 analysts have also posted a video demonstrating the attack.
Because the Metasploit exploit code for the SOP bypass vulnerability in the Samsung Internet Browser is now publicly available, anyone with little technical knowledge can exploit the flaw on a large number of Samsung devices, the majority of which are still using the old Android Stock browser.
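A triage check for the affected range stated in this article (version 5.4.02.3 and earlier), as an added example that is not part of the original article: it compares browser versions from a device inventory numerically, so that a build such as 5.4.02.10 is not mistaken for an older one by a plain string comparison. The CSV layout, the device ids and the package name `com.sec.android.app.sbrowser` are assumptions.

```python
import csv
import io
import re

# Last affected release named in the article for CVE-2017-17692.
LAST_AFFECTED = "5.4.02.3"
# Assumption: Android package name of the Samsung Internet Browser.
PACKAGE = "com.sec.android.app.sbrowser"


def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(version_text):
    """'affected' if <= LAST_AFFECTED, 'newer' if above it, else 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # do not guess: send these for manual review
    limit = parse_version(LAST_AFFECTED)
    # Pad to equal length so "5.4" is compared as 5.4.0.0.
    width = max(len(version), len(limit))
    version += (0,) * (width - len(version))
    limit += (0,) * (width - len(limit))
    return "affected" if version <= limit else "newer"


def triage(inventory_csv):
    """Map device id -> status for rows that list the browser package."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["package"] == PACKAGE:
            result[row["device"]] = classify(row["version"])
    return result


# Constructed sample inventory (device ids and versions are made up).
SAMPLE = """device,package,version
tab-01,com.sec.android.app.sbrowser,5.4.02.3
phone-02,com.sec.android.app.sbrowser,5.4.02.10
phone-03,com.sec.android.app.sbrowser,5.2.00.15
phone-04,com.sec.android.app.sbrowser,6.2.01.12
phone-05,com.sec.android.app.sbrowser,unknown-build
phone-06,com.android.chrome,62.0.3202.84
"""
```

Calling `triage(SAMPLE)` returns one status per device that has the browser package installed; rows with an unparseable version are reported as `unknown` rather than silently treated as safe.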