cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chuck Lantz <cla...@microsoft.com>
Subject RE: I have a critical issue for cordova.
Date Tue, 09 Jun 2015 16:39:44 GMT
BTW - The article you list provides potential signs of impact to your users. 

1.Tamper app appearance
2.Inject popups and texts
3.Inject splash screens
4.Modify basic functionalities
5.Crash the app

3rd party plugins can also introduce vulnerabilities so the specifics will depend on your
situation. Cordova apps in general are affected. You likely should consider upgrading to Cordova
Android 3.7.2 (if using < 5.0.0) or 4.0.2 (if using Cordova 5.0.0+) given you likely have
a security focused app.

-Chuck

-----Original Message-----
From: Chuck Lantz [mailto:clantz@microsoft.com] 
Sent: Tuesday, June 9, 2015 9:07 AM
To: dev@cordova.apache.org
Subject: RE: I have a critical issue for cordova.

It is a security risk that was identified but impact is not known. 

Fortunately there is a simple workaround.  See this article for how to fix this problem: 
https://github.com/Microsoft/cordova-docs/tree/master/tips-and-workarounds/android/security-05-26-2015

-Chuck

-----Original Message-----
From: Domingo Oh [mailto:osystst@gmail.com] 
Sent: Monday, June 8, 2015 10:25 PM
To: dev@cordova.apache.org
Subject: I have a critical issue for cordova.

Hello.

I am Android Developer in Korea.

I develop Android application for bank. before I used cordova.

I saw column at last week. this -> http://goo.gl/ZOSzYw


I receive a question for this issue. is it damage to our customer app?


So I try 3days. I should find that damage to our customer app. But I can't find it. That's
difficult.


I use Cordova. Right. But I use not CordovaActivity. I throw question to this column(http://goo.gl/ZOSzYw)
author. But he don't return to me. So I find other author. But he too. He don't return to
me.


Hey. I don't use CordovaActivity. is it damage for our app? Now I difficult upgrade to app.
So I want certain message.

please certain message for this issue.

ps. I love Korean.




Thank you. please fast return.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
For additional commands, e-mail: dev-help@cordova.apache.org
Mime
View raw message