Android Browser Vulnerability

February 26, 2014

An exploit has been circulating that takes advantage of vulnerabilities in the default Android browser on Android 4.1 and older.  This exploit can be used to control phone functionality, including remotely accessing a phone’s camera, file system, geographic location, SD card contents, and address books, among other resources

 

Google has fixed the bug in new Android releases beginning with Android 4.2, released on November 13, 2012, but Android 4.2 and above is only available on a small subset of Android devices.

 

To mitigate the vulnerability, users of Android 4.1 and previous are encouraged to download and use an alternative web browser from the Google Play Store, such as Chrome or Firefox.  These alternative browsers do not rely on software updates from the carrier and can respond to security exploits with updates in the Google Play Store.

 

The Android version can be found under Settings and then under About Phone. Any version of Android numbered 4.1.x and lower is vulnerable; devices running Android 4.2 and higher are not vulnerable.

 

For more information, please email itshelp@law.upenn.edu.

 

Latest News

  • The Box team recently announced a new and improved, more personalized user experience with interface changes and backend improvements. Read on for more details
  • This year a new Special print account is being added for all Penn Law students. This account is to be used when printing for approved group and programs. All other printing remains the same, please read on for more details.