Published:2013/12/17 Last Updated:2013/12/26
JVN#53768697
Android OS vulnerable to arbitrary Java method execution
Overview
Android OS contains a vulnerability where an arbitrary Java method may be executed.
Products Affected
- Android OS version 3.0 through 4.1.x
Description
Android OS contains a vulnerability where an arbitrary Java method may be executed.
Impact
When viewing a specially crafted page using the standard Android browser or an other application that uses the WebView class, Android OS may be rebooted or arbitrary code may be executed without intent from the user.
Solution
Apply an Update
Update your device according to the information provided by the provider or developer.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Disney Mobile on SoftBank | Vulnerable | 2013/12/17 | |
| eAccess Ltd. | Vulnerable | 2013/12/17 | |
| KDDI CORPORATION | Vulnerable | 2013/12/26 | KDDI CORPORATION website |
| NEC Corporation | Not Vulnerable | 2013/12/17 | |
| NTT DOCOMO, INC. | Vulnerable | 2013/12/17 | |
| SoftBank | Vulnerable | 2013/12/17 | |
| WILLCOM | Not Vulnerable | 2013/12/17 |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Tamami Eguchi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2013-4710 |
| JVN iPedia |
JVNDB-2013-000111 |
Update History
- 2013/12/17
- Information under the section "Vendor Status" was updated.
- 2013/12/26
- KDDI CORPORATION update status