Remote Code Execution and Sensitive Geolocation Information Disclosure in DrinkedIn BarFinder Android App

Remote Code Execution and Sensitive Geolocation Information Disclosure in DrinkedIn BarFinder Android App

CVE-2014-1887 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain sensitive fine-geolocation information, by leveraging control over one of a number of adult sites, as demonstrated by (1) freelifetimecheating.com and (2) www.babesroulette.com.

Learn more about our Cis Benchmark Audit For Google Android.