ITS Online

Android Browser Vulnerability

February 26, 2014

An exploit has been circulating that takes advantage of vulnerabilities in the default Android browser on Android 4.1 and older.  This exploit can be used to control phone functionality, including remotely accessing a phone’s camera, file system, geographic location, SD card contents, and address books, among other resources


Google has fixed the bug in new Android releases beginning with Android 4.2, released on November 13, 2012, but Android 4.2 and above is only available on a small subset of Android devices.


To mitigate the vulnerability, users of Android 4.1 and previous are encouraged to download and use an alternative web browser from the Google Play Store, such as Chrome or Firefox.  These alternative browsers do not rely on software updates from the carrier and can respond to security exploits with updates in the Google Play Store.


The Android version can be found under Settings and then under About Phone. Any version of Android numbered 4.1.x and lower is vulnerable; devices running Android 4.2 and higher are not vulnerable.


For more information, please email


Latest News

  • Image preview
    As an instructor, you can verify all external links throughout your course to ensure they are valid. You can check these links using the course link validator, which searches through course content and returns invalid or unresponsive external links in both published and unpublished content.
  • Image preview
    Join us Friday, January 22 at noon in Gittis 213 to learn how you can get started using Poll Everywhere. This solution is available to all Penn Law faculty and staff for unlimited polls.