Attackers intercept cookie, then they can control browsing of the victim. A Metasploit module, with which it is possible to exploit vulnerability in three quarters of smartphones, based on Android, appeared in the popular set of tools for penetration testing.
With its help it is possible to intercept the web-pages that are viewed by the user. Web-pages that the user looks through can be intercepted with the help of this vulnerability.
The vulnerability, called CVE-2014-6041, affects Android 4.4 (and earlier versions). It was disclosed this year on the 1st of September by Tod Beardsley, an independent researcher, who called the flaw "privacy disaster".
Beardsley explained that any site that hackers monitor gives him the opportunity to hijack the web-pages that the victim looked through. Also he added that if you had already visited such a site and the mail was opened it the next tab then the attackers would easily look through it or delete everything they want.
It should be mentioned that the flaw also gives opportunity to intercept the cookie of the current session and take complete control of user‘s session to the attacker. It meant that the attacker can look and modify data with the same rights as the owner has.
Axarhöfði 14,
110 Reykjavik, Iceland