Remote Code Execution and Sensitive Geolocation Information Disclosure in DrinkedIn BarFinder Android App
CVE-2014-1887 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:N/A:N
The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain sensitive fine-geolocation information, by leveraging control over one of a number of adult sites, as demonstrated by (1) freelifetimecheating.com and (2) www.babesroulette.com.
Learn more about our Cis Benchmark Audit For Google Android.