First published: Mon Mar 03 2014(Updated: )
java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Android | <=4.3.1 | |
Android | =4.0 | |
Android | =4.0.1 | |
Android | =4.0.2 | |
Android | =4.0.3 | |
Android | =4.0.4 | |
Android | =4.1 | |
Android | =4.1.2 | |
Android | =4.2 | |
Android | =4.2.1 | |
Android | =4.2.2 | |
Android | =4.3 | |
Shareit | <=3.5.88_ww |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2014-1939 has a medium severity rating, allowing potential attackers to execute arbitrary Java code.
To fix CVE-2014-1939, upgrade to Android version 4.4 (KitKat) or later.
CVE-2014-1939 affects Android versions prior to 4.4, including 4.0, 4.1, 4.2, and 4.3.
CVE-2014-1939 can lead to arbitrary code execution attacks via the vulnerable addJavascriptInterface API.
CVE-2014-1939 is particularly relevant to applications utilizing the SearchBoxImpl class in conjunction with web view components.