The Trustlook security research team has discovered a WebView remote code execution vulnerability in the Indeed job search app, which is among the most popular job-seeking apps, with 10 million – 50 million installations.
Here is a proof-of-concept video:
We strongly recommend that users open this app only on a trusted network until the vendor officially releases a patch.
Jan 16: Vulnerability discovered during routine scanning of Google Play.
Jan 16: Marked as “risky app” on Trustlook Antivirus.
Feb 12: Contacted vendor.
Mar 6: No response from vendor. Disclosed.