cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chuck Lantz <>
Subject RE: I have a critical issue for cordova.
Date Tue, 09 Jun 2015 16:39:44 GMT
BTW - The article you list provides potential signs of impact to your users. 

1.Tamper app appearance
2.Inject popups and texts
3.Inject splash screens
4.Modify basic functionalities
5.Crash the app

3rd party plugins can also introduce vulnerabilities so the specifics will depend on your
situation. Cordova apps in general are affected. You likely should consider upgrading to Cordova
Android 3.7.2 (if using < 5.0.0) or 4.0.2 (if using Cordova 5.0.0+) given you likely have
a security focused app.


-----Original Message-----
From: Chuck Lantz [] 
Sent: Tuesday, June 9, 2015 9:07 AM
Subject: RE: I have a critical issue for cordova.

It is a security risk that was identified but impact is not known. 

Fortunately there is a simple workaround.  See this article for how to fix this problem:


-----Original Message-----
From: Domingo Oh [] 
Sent: Monday, June 8, 2015 10:25 PM
Subject: I have a critical issue for cordova.


I am Android Developer in Korea.

I develop Android application for bank. before I used cordova.

I saw column at last week. this ->

I receive a question for this issue. is it damage to our customer app?

So I try 3days. I should find that damage to our customer app. But I can't find it. That's

I use Cordova. Right. But I use not CordovaActivity. I throw question to this column(
author. But he don't return to me. So I find other author. But he too. He don't return to

Hey. I don't use CordovaActivity. is it damage for our app? Now I difficult upgrade to app.
So I want certain message.

please certain message for this issue.

ps. I love Korean.

Thank you. please fast return.

To unsubscribe, e-mail:
For additional commands, e-mail:
View raw message