'Popular Android Browsers Dolphin and Mercury Are Vulnerable'


Major security vulnerabilities have been found in the Dolphin and Mercury Android browsers. Security enthusiast Rotologix has revealed zero-day flaws in the Web browsers which, if exploited, allow attackers to perform remote code execution.

The Dolphin and Mercury browsers are quite popular on Android, racking up over 100 million users. Specifically, the Dolphin remote code execution exploit allows an attacker to replace the browser's theme package with an infected counterpart.

In more detail, the exploit relies on an attacker modifying the network traffic, which lets them alter the functionality of downloading and applying new themes to the browser. After that, a victim is only required to select, download, and apply a new Dolphin browser theme. The Dolphin browser hasn't been updated since July, suggesting that all users are likely affected by the zero-day vulnerability.

"An attacker with the ability to control the network traffic for users of the Dolphin browser for Android, can modify the functionality of downloading and applying new themes for the browser," Rotologix wrote in a blog post. "Through the exploitation of this functionality, an attacker can achieve an arbitrary file write, which can then be turned into code execution within the context of the browser on the user's device," he added.

Rotologix also says that the Mercury browser for Android is affected by an insecure Intent URI scheme implementation and a path traversal vulnerability in the code that supports the Wi-Fi Transfer feature. "Chaining these vulnerabilities together can allow a remote attacker to perform arbitrary reading and writing of files within the Mercury Browser's data directory," he added.
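Both issues described above involve files being written to a location chosen by untrusted input, without an integrity check on the content or a containment check on the path. The following is an added example, not code from Dolphin, Mercury or Rotologix, showing the two defensive checks in Python. It assumes the theme package is a zip archive and that the expected SHA-256 digest arrives over a trusted channel; all function names are hypothetical.

```python
import hashlib
import hmac
import io
import os
import zipfile

class UnsafeThemeError(Exception):
    """Raised when a downloaded package fails an integrity or path check."""

def resolve_inside(base_dir, untrusted_name):
    """Return the absolute path for untrusted_name, or raise if it leaves base_dir."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, untrusted_name))
    # Rejects "../" sequences, absolute names and symlink escapes alike.
    if target == base or os.path.commonpath([base, target]) != base:
        raise UnsafeThemeError(f"path escapes target directory: {untrusted_name!r}")
    return target

def install_theme(package_bytes, expected_sha256, theme_dir):
    """Verify the digest, then extract only entries that stay inside theme_dir."""
    actual = hashlib.sha256(package_bytes).hexdigest()
    if not hmac.compare_digest(actual, expected_sha256):
        raise UnsafeThemeError("digest mismatch: package differs from the published one")
    written = []
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as archive:
        # Validate every entry first so a bad archive writes nothing at all.
        targets = [(info, resolve_inside(theme_dir, info.filename))
                   for info in archive.infolist() if not info.is_dir()]
        for info, target in targets:
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with archive.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written

def build_package(entries):
    """Constructed sample input: build an in-memory zip from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, data in entries.items():
            archive.writestr(name, data)
    return buf.getvalue()
```

The same `resolve_inside` check applies to any file name taken from a request, such as a path served by a local file-transfer feature.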
