Apache Cordova Fixes Flaw Causing App Crashes

Apache Cordova Fixes Flaw Causing App Crashes

The developers of Apache Cordova Android have released a fix on Tuesday for a critical flaw that could cause apps to crash or display unwanted dialog boxes. 
 iOS is not affected

APACHE CORODOVA ANDROID

It is a set of APIs (application programming interfaces) that allows developers to access functions such as a camera or accelerometer using JavaScript.

Seven Shen, Mobile Threats Analyst at Trend Micro, noted that 5.6 percent of apps in Google's Play store use Cordova and are vulnerable.

HOW IT WORKS

"Secondary configuration variables, also known as preferences, are set of variables reserved for developers to configure their apps.  They are the sources of the build-in characteristics of Cordova-based Apps and should be only controlled by app developers.  Any tampering to these variables during runtime initialization will certainly mess up the APP’s normal behaviours," the researcher explains.

Android applications built with the Cordova framework that don’t have explicit values set in Config.xml can have undefined configuration variables set by Intent. This can cause unwanted dialogs appearing in applications and changes in the application behaviour that can include the app force-closing.

Android app developers are advised to upgrade the Cordova framework to the latest version (4.0.2).

No comments

Powered by Blogger.