Gilt Android App Remote Code Execution Vulnerability

Here we disclose another app affected by the addJavascriptInterface vulnerability. Gilt Android Application version 3.01 and below is vulnerable to this attack. (For more details, see our previous posts: Hackers can pwn your Android in 10 seconds and A billion of Android users are exposed to a high risk vulnerability.)


Above is the proof-of-concept video: an attacker could install an arbitrary APK from the Internet onto your phone. Again, you did not do anything wrong; the only thing you did was open Gilt while connected to an insecure router or Wi-Fi network.
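As an added illustration (not Gilt's code), the WebView pattern behind this class of bug beside a hardened version. Names, the bridge class and the URLs are hypothetical; the point is that below Android 4.2 (API 17) every public method of an object passed to addJavascriptInterface is reachable from page JavaScript, and a page loaded over plain HTTP on a hostile network can be replaced in transit.

```java
// Added example, not from the Gilt app: vulnerable vs. hardened WebView setup.
import android.annotation.SuppressLint;
import android.os.Build;
import android.webkit.JavascriptInterface;
import android.webkit.WebView;

public class WebViewBridge {

    // Object exposed to page JavaScript (hypothetical bridge).
    // On API 17+ with targetSdkVersion >= 17, only methods carrying
    // @JavascriptInterface are callable from JS; on older devices the
    // annotation is ignored and every public method is exposed.
    public static class Bridge {
        @JavascriptInterface
        public String appVersion() { return "3.01"; }
    }

    // Vulnerable: bridge installed on every API level, content fetched over
    // plain HTTP, so an attacker on the same Wi-Fi can serve their own page
    // and drive the bridge from it.
    @SuppressLint("SetJavaScriptEnabled")
    static void vulnerableSetup(WebView webView) {
        webView.getSettings().setJavaScriptEnabled(true);
        webView.addJavascriptInterface(new Bridge(), "Android");
        webView.loadUrl("http://example.com/app");   // hypothetical URL
    }

    // Hardened: no bridge at all on devices older than API 17, where the
    // annotation is not enforced, and the page is loaded over HTTPS so it
    // cannot be swapped by a rogue access point.
    @SuppressLint("SetJavaScriptEnabled")
    static void hardenedSetup(WebView webView) {
        webView.getSettings().setJavaScriptEnabled(true);
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
            webView.addJavascriptInterface(new Bridge(), "Android");
        }
        webView.loadUrl("https://example.com/app");  // hypothetical URL
    }
}
```

The API-level guard only helps if the app's manifest also declares targetSdkVersion 17 or higher; otherwise the annotation check is not applied even on new devices.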

We have already built a scanning module into our Trustlook Antivirus, which can now detect apps that are potentially impacted by this vulnerability.
