430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Samsung Android Browser is affected by a critical SOP bypass issue, a Metasploit exploit code is available

The browser app pre-installed on Samsung Android devices is affected by a critical SOP bypass issue, tracked as CVE-2017-17692. The browser app pre-installed on Android devices is affected by a critical flaw, tracked as CVE-2017-17692, that could be exploited by an attacker to steal data from browser tabs if the user visits an attacker-controlled site. The SOP bypass issue in […]

Samsung SOP bypass issue

The browser app pre-installed on Samsung Android devices is affected by a critical SOP bypass issue, tracked as CVE-2017-17692.

The browser app pre-installed on Android devices is affected by a critical flaw, tracked as CVE-2017-17692, that could be exploited by an attacker to steal data from browser tabs if the user visits an attacker-controlled site.

The SOP bypass issue in the Samsung Internet Browser was discovered by the security researcher Dhiraj Mishra.

The CVE-2017-17692 vulnerability is a Same Origin Policy (SOP) bypass issue that affects the Samsung Internet Browser version 5.4.02.3 and earlier.
Samsung SOP bypass issue

The Same Origin Policy is one of the most important security mechanisms implemented in modern browsers, the basic idea behind the SOP is the javaScript from one origin should not be able to access the properties of a website on another origin.

A SOP bypass occurs when a sitea.com is somehow able to access the properties of siteb.com such as cookies, location, response etc.

An attacker can copy victim’s session cookie or hijack his session and read and write webmail on your behalf.

Mishra developed a Metasploit Module for the exploitation of the SOP bypass issue and reported the flaw to the MITRE to assign CVE.

Mishra also reported the flaw to Samsung, who acknowledged it and confirmed that “the patch is already preloaded in our upcoming model Galaxy Note 8, and the application will be updated via Apps store update in October.

Here is the Source Code for Bypassing Same Origin Policy in Samsung Internet Browser in Metasploit,

“When the Samsung Internet browser opens a new tab in a given domain (say, google.com) through a Javascript action, that Javascript can come in after the fact and rewrite the contents of that page with whatever it wants,” reads a blog post published by researchers from security firm Rapid7.

“This is a no-no in browser design since it means that Javascript can violate the Same-Origin Policy, and can direct Javascript actions from one site (controlled by the attacker) to act in the context of another site (the one the attacker is interested in). Essentially, the attacker can insert custom Javascript into any domain, provided the victim user visits the attacker-controlled web page first.”

The experts from Rapid7 have also published a video PoC of the attack.

The availability online of the Metasploit exploit code pose a serious risk to Android users that are still using the old Android Stock browser.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – SOP bypass issue, Android)

[adrotate banner=”5″]

[adrotate banner=”13″]