# Disclosure Date: 31 Jan 2014
# Author: Keith Makan
# Vendor or Software Link: https://play.google.com/store/apps/details?id=nextapp.fx&hl=en
# Version: 2.3.0.10
# Tested on: Android 3.2.1 (HTC Flyer)
# Tools : Drozer, Bash
An estimated 500,000 - 1,000,000 installs are currently affected.
*Disclaimer* This application may be affected by other vulnerabilities.
# Author: Keith Makan
# Vendor or Software Link: https://play.google.com/store/apps/details?id=nextapp.fx&hl=en
# Version: 2.3.0.10
# Tested on: Android 3.2.1 (HTC Flyer)
# Tools : Drozer, Bash
Description:
File Explorer (FX) for Android Suffers from a Path Traversal and android.permission.storage permission leakage vulnerability.Impact:
Malicious Android applications with no Permissions are capable of leaking the contents of a victims local file system.An estimated 500,000 - 1,000,000 installs are currently affected.
Proof of concept:
*Disclaimer* This application may be affected by other vulnerabilities.
Comments
Post a Comment