Users of 2013 and earlier Android phones beware: Your default web browser may contain a serious security flaw. Researcher Rafay Baloch recently discovered a bug in the way the Android Browser app handles JavaScript that could let malicious websites access locally stored data from other sites. This vulnerable data could include stored passwords, your phone’s cookies and possibly even your keystrokes. By exploiting this bug, a hacker could easily take over your webmail or online banking sessions posing as you.
The browser issue affects anyone whose phone runs a version of Android other than the current Android 4.4 KitKat version. That means approximately three out of every four Android phones currently in operation are at risk. Note that some third-party apps may use Browser by default as part of their operation, even if you use something other than Browser yourself. The Chrome web browser is not affected and is safe to use.
The good news here is that there’s no evidence that this bug is currently being exploited. The bad news is that it’d be hard to know if it was. And given how much is at stake – basically, control of your entire web browsing experience – the bug is critical enough to merit serious concern.
Google is pushing a pair of updates to fix this highly sensitive bug, so be sure to keep your phone’s operating system updated. The Sophos Naked Security blog recommends you take the extra step of disabling Browser and using a better-supported web browser like Chrome or Firefox instead. To do so, tap Browser on the All apps page, then tap the Disable button. Then download a replacement web browser app from the Google Play Store.
For more information on this particular bug, you can visit Baloch’s website at rafayhackingarticles.net. You may also want to check out our need-to-know guide to mobile security. And while your choice of replacements for Browser is up to you, I recommend checking out Firefox – it syncs well with the desktop version, our choice for the best web browser available.
From Don Heath on September 19, 2014 :: 4:18 pm
Have you tried the CM (Cheetah Mobile) browser for Android? Are you aware of any problems with using it?