Hi All,

Read about this vulnerability:

http://www.csc.ncsu.edu/faculty/jiang/nexuss.html

The article explains that from a website when visited from Android's
mobile browser, it is possible to upload contents from the phone's
sdcard in the background.

In applications we specify the necessary permission to access external
storage and use file:///sdcard to access the contents.

Thus does it mean that within the HTML code of a website if we do an
HTTP POST of a file and specify the directory as for example
file:///sdcard/example.txt then this file can be uploaded from the
sdcard into the web server in the background?

As the article mentions that the vulnerability affects Android 2.3, are the
previous versions also affected?

Regards,
Perumal
