Android vulnerability permits data theft

Filed under
Security

Security expert Thomas Cannon has discovered a security vulnerability in the Android browser which can be exploited by attackers to read local files when a smartphone user visits a crafted web site.

The vulnerability appears to affect all versions of Android, including the current version 2.2 (Froyo). Our colleagues at heise Security have been able to reproduce the exploit on both a Google Nexus One and a Samsung Galaxy Tab, both running Android 2.2. Cannon reports that he has verified the vulnerability on an HTC Desire (2.2) and on the Android emulator (1.5, 1.6 and 2.2) in the SDK.

rest here