![]() putExtra ( "POSTPONED_ACTION_INTENT", next ) startActivity ( intent ) ![]() setClassName ( "com.evernote", "4x1SettingsActivity" ) intent. putExtra ( "EXTRA_HTML_CONTENT", "alert(document.domain)" ) Intent intent = new Intent () intent. setClassName ( "com.evernote", ".GnomeWebViewActivity" ) next. The app also added an authentication cookie to EXTRA_BASE_URL, meaning account access could be intercepted. We decided to use the unexported activity .GnomeWebViewActivity, which took two parameters - EXTRA_BASE_URL and EXTRA_HTML_CONTENT - and passed them when calling WebView.loadDataWithBaseURL(String baseUrl, String data, String mimeType, String encoding, String historyUrl), which allowed arbitrary HTML/JS to be displayed for an arbitrary URL. We uncovered access to arbitrary components in activities 4x1SettingsActivity:Īnd 4x2SettingsActivity:Īn attacker could have used this error to gain access to arbitrary activities. Start securing your apps by starting a free 2 weeks trial from Quick Start, or you can book a call with our team or contact us to explore more. You can integrate Oversecured into your development process and check every new line of your code to ensure your users are always protected. Evernote’s security team reports that they do not have any evidence that these issues were exploited in the wild.ĭo you want to check your mobile apps for such types of vulnerabilities? Oversecured mobile apps scanner provides an automatic solution that helps to detect vulnerabilities in Android and iOS mobile apps. Evernote fixed these issues as of release 8.12.2, released October 2019. ![]() They included the potential for Universal-XSS (execution of arbitrary JavaScript code on an arbitrary domain), theft of cookies from all sites, rewriting of arbitrary files, and automatic activation of the microphone to eavesdrop on the user. Some time ago, we decided to scan the app - and we discovered six vulnerabilities. Oversecured found dangerous vulnerabilities in the Evernote app for Android, which could have allowed access to user accounts to be intercepted by a hostile app installed on the same device.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |