ITS Online

Android Browser Vulnerability

February 26, 2014

An exploit has been circulating that takes advantage of vulnerabilities in the default Android browser on Android 4.1 and older.  This exploit can be used to control phone functionality, including remotely accessing a phone’s camera, file system, geographic location, SD card contents, and address books, among other resources

 

Google has fixed the bug in new Android releases beginning with Android 4.2, released on November 13, 2012, but Android 4.2 and above is only available on a small subset of Android devices.

 

To mitigate the vulnerability, users of Android 4.1 and previous are encouraged to download and use an alternative web browser from the Google Play Store, such as Chrome or Firefox.  These alternative browsers do not rely on software updates from the carrier and can respond to security exploits with updates in the Google Play Store.

 

The Android version can be found under Settings and then under About Phone. Any version of Android numbered 4.1.x and lower is vulnerable; devices running Android 4.2 and higher are not vulnerable.

 

For more information, please email itshelp@law.upenn.edu.

 

Latest News

  • Image preview
    Penn+Box is a cloud storage service that is available to all Penn Law Students, Faculty, and Full-Time Staff.  Log in with your PennKey and start using your 50 GB!
  • Image preview
    Check out ITS Online to learn how to use the technology resources provided at Penn Law.  There are detailed guides that provide instructions for Printing, Canvas, WiFi and more.