News

Bleeping Computer1y
AutoSpill attack steals credentials from Android password managers
Security researchers developed a new attack, which they named ... even if there is no JavaScript injection. Android apps often use WebView controls to render web content, such as login pages ...
Ars Technica1y
How worried should we be about the “AutoSpill” credential leak in Android password managers?
Another way a malicious app might exploit AutoSpill is by injecting JavaScript into the WebView content that copies the credentials and sends them to the attacker. These types of attacks have been ...
TechRepublic4y
Why it’s time the Android developers rethink WebView
Although this seamless integration of native app code and HTML/JavaScript ... by creating a larger attack surface for the platform. With the larger attack surface WebView brings to Android ...
SiliconANGLE2y
Microsoft WebView2 phishing technique can bypass MFA and steal login cookies
the proof-of-concept phishing attack, dubbed “WebView2-Cookie-Stealer,” involves injecting malicious JavaScript code into websites loaded in an application that uses WebView 2. In an example ...
Ars Technica2y
Microsoft finds TikTok vulnerability that allowed one-click account compromises
allowing the URL to then access the WebView's attached JavaScript bridges and grant functionality to attackers." The researchers went on to create a proof-of-concept exploit that did just that.
TechRadar8mon
Dangerous new Android malware infects 11 million devices — here's what we know
including loading ads through invisible WebView windows, downloading and running arbitrary JavaScript files, facilitating fraud, and rerouting malicious traffic. Two seemingly legitimate ...
ZDNet10y
How to avoid WebView trouble on older Android devices
but Google will no longer be developing security patches for Android's built-in Web browser WebView. Fortunately, that doesn't mean you have to stay at risk for hacker attacks. Why has Google ...