A Bug Could Let Attackers Hijack Firefox for Android via Wi-Fi Network

Do not use unsecured WLAN connections like in shopping malls, restaurants etc.

 

ESET security researcher Lukas Stefanko yesterday tweeted an alert demonstrating the exploitation of a recently disclosed high-risk remote command execution vulnerability affecting the Firefox app for Android.
 
Discovered originally by Australian security researcher Chris Moberly, the vulnerability resides in the SSDP engine of the browser that can be exploited by an attacker to target Android smartphones connected to the same Wi-Fi network as the attacker, with Firefox app installed.
 
"The target simply has to have the Firefox application running on their phone. They do not need to access any malicious websites or click any malicious links. No attacker-in-the-middle or malicious app installation is required. They can simply be sipping coffee while on a cafe's Wi-Fi, and their device will start launching application URIs under the attacker's control," Moberly said.

 

More at thehackernews.com

Leave a Reply

Your email address will not be published. Required fields are marked *