Viber for Android exposes insecure Javascript interface from java viber Watch Video
Preview(s):
Gallery
Play Video: (Note: The default playback of the video is HD VERSION. If your browser is buffering the video slowly, please play the REGULAR MP4 VERSION or Open The Video below for better experience. Thank you!)
Description: It has been discovered that Viber's Sticker Market is affected by a code execution vulnerability. This is possible because the Market is loaded over an insecure connection (HTTP) in a WebView that exposes an insecure Javascript interface. Exploiting this issue allows for the execution of arbitrary Java code within the privileges of the Viber app
Play Video: (Note: The default playback of the video is HD VERSION. If your browser is buffering the video slowly, please play the REGULAR MP4 VERSION or Open The Video below for better experience. Thank you!)