ITS Online

Android Browser Vulnerability

February 26, 2014

An exploit has been circulating that takes advantage of vulnerabilities in the default Android browser on Android 4.1 and older.  This exploit can be used to control phone functionality, including remotely accessing a phone’s camera, file system, geographic location, SD card contents, and address books, among other resources


Google has fixed the bug in new Android releases beginning with Android 4.2, released on November 13, 2012, but Android 4.2 and above is only available on a small subset of Android devices.


To mitigate the vulnerability, users of Android 4.1 and previous are encouraged to download and use an alternative web browser from the Google Play Store, such as Chrome or Firefox.  These alternative browsers do not rely on software updates from the carrier and can respond to security exploits with updates in the Google Play Store.


The Android version can be found under Settings and then under About Phone. Any version of Android numbered 4.1.x and lower is vulnerable; devices running Android 4.2 and higher are not vulnerable.


For more information, please email


Latest News