11/1/2023 0 Comments Dropbox android![]() Upon discovery of the vulnerability, the IBM team privately disclosed the issue to Dropbox. It cannot, however, be exploited if the Dropbox app is installed on the device (it does not even need to be configured, just installed). The vulnerability can be exploited in two ways, using a malicious app installed on the user’s device or remotely using drive-by techniques. This is a serious flaw in the authentication mechanism within any Android app using a Dropbox SDK Version 1.5.4 through 1.6.1 (note: this vulnerability was resolved in Dropbox SDK for Android v1.6.2). The IBM X-Force Application Security Research Team has discovered a vulnerability in the Dropbox SDK for Android (CVE-2014-8889) which allows attackers to connect applications on mobile devices to a Dropbox account controlled by the attacker without the victim’s knowledge or authorization.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |