Most users are pretty familiar with the Sign in with Google or Sign in with Facebook options that appear when logging into a service inside the app. This is generally used during in-app sign-ins, and other scenarios, to make things a little smoother. WebView on Android opens a webpage inside the app without switching to your primary mobile browser. With no Android 13 or Android 14 phones used to test this vulnerability, we cannot rule out the notion that Google is already aware of it or has maybe even fixed it with the more recent releases of Android. However, one of the slides from their presentation reveals the use of a Poco F1 running Android 10 and the December 2020 security patch, the Samsung Galaxy A52 (Android 12, April 2022 patch), and the Galaxy Tab S6 Lite (Android 11, January 2022 patch). The trio of researchers conducted the tests on " new and up-to-date Android devices," according to TechCrunch. They presented their findings in detail at the recently concluded BlackHat Europe 2023, a well-known annual cybersecurity forum. Named " AutoSpill," this vulnerability was jointly discovered by Ankit Gangwal, Shubham Singh, and Abhijeet Srivastava, who have reportedly gotten in touch with makers of the password manager apps they tested this on - 1Password, LastPass, Keeper, and Enpass (who have already patched this vulnerability last year) - as well as Google.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |