Interested application security bods can peruse his posts for full technical details. Classificação dos utilizadores para Navegador Anónimo Dolphin Zero: 4. These are all virtually shredded when you close. Chaining these vulnerabilities together can allow a remote attacker to perform arbitrary reading and writing of files within the Mercury Browser's data directory. Faz já o download do APK de Navegador Anónimo Dolphin Zero 1.4.1 para Android. It doesnt retain any of the commonly looked for traces no history, no cache, and, unfortunately, no bookmarks. "The Mercury Browser for Android suffers from an insecure Intent URI scheme implementation and a path traversal vulnerability within a custom web server used to support its WiFi Transfer feature. The hacker recommends users stick with their current theme and consider using a different browser until a fix is dropped.īut they should avoid moving to Mercury in fact those users should dump that browser too thanks to a series of chained unpatched holes, according to the hacker. Dolphin Zero is ultra lightweight with only 500K app size. The Dolphin Browser was last updated in July meaning that all users are vulnerable to the zero day vulnerability. The only user interaction this requires is selecting, downloading, and applying a new Dolphin Browser theme." Through the exploitation of this functionality, an attacker can achieve an arbitrary file write, which can then be turned into code execution within the context of the browser on the user's device. He says Dolphin can be slapped by manipulating its themes with the following attack: "An attacker with the ability to control the network traffic for users of the Dolphin Browser for Android can modify the functionality of downloading and applying new themes for the browser.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |