June 14, 2021

Web-injection Vulnerabilities in WebOS

Researchers at SecTheory has discovered multiple flaws in the WebOS smartphone platform with possibility of build a mobile botnet or execute other remote attacks.

The most dangerous of the vulnerabilities is an injection flaw on the WebOS version 1.4.X that allows remote command and control, including access to a phone’s files or injecting a remote JavaScript backdoor into the phone’s Contacts Application to build a botnet.

Read the full story here.