ITS Online

Android Browser Vulnerability

February 26, 2014

An exploit has been circulating that takes advantage of vulnerabilities in the default Android browser on Android 4.1 and older.  This exploit can be used to control phone functionality, including remotely accessing a phone’s camera, file system, geographic location, SD card contents, and address books, among other resources


Google has fixed the bug in new Android releases beginning with Android 4.2, released on November 13, 2012, but Android 4.2 and above is only available on a small subset of Android devices.


To mitigate the vulnerability, users of Android 4.1 and previous are encouraged to download and use an alternative web browser from the Google Play Store, such as Chrome or Firefox.  These alternative browsers do not rely on software updates from the carrier and can respond to security exploits with updates in the Google Play Store.


The Android version can be found under Settings and then under About Phone. Any version of Android numbered 4.1.x and lower is vulnerable; devices running Android 4.2 and higher are not vulnerable.


For more information, please email


Latest News

  • This year a new Special print account is being added for all Penn Law students. This account is to be used when printing for approved group and programs. All other printing remains the same, please read on for more details.
  • AirPennNet-Guest Wifi will be upgraded on April 27th. Device registration will require just an email address and guests will need to renew registration daily. Penn Law faculty, staff and students should all be using AirPennNet – not AirPennNet-Guest for Wifi.