Apache Cordova fixes flaw that could cause apps to crash


A fix has been released for a vulnerability in a widely used piece of code in Android devices, which could cause apps to crash or display unwanted dialog boxes.

The flaw lies in Apache Cordova, which is a set of APIs (application programming interfaces) that let developers access functions such as a camera or accelerometer using JavaScript, according to its website.

Trend Micro, which found the problem, wrote that 5.6 percent of apps in Google’s Play store use Cordova and are vulnerable. iOS is not affected.

Apps using Cordova that “don’t have explicit values set in Config.xml can have undefined configuration variables set by Intent,” according to a description of the flaw on the Cordova website.

“This can cause unwanted dialogs appearing in applications and changes in the application behavior that can include the app force-closing,” wrote Joe Bowser, a senior computer scientist at Adobe Systems, who works on Cordova for Android.

Seven Shen, a mobile threats analyst with Trend Micro who found the problem, wrote the flaw could be exploited by getting a person to click a URL.

Apps that use version 4.0.x or higher should move to 4.0.2 of Cordova. Another version of Cordova 3.7.2 has been released with a patch for apps that are on older versions of the code.

Must read: Hidden Cause of Slow Internet and how to fix it
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies