Samsung SecEmailUI Script Injection

Posted by deepcore on February 8, 2016 – 6:46 am

The default Samsung email client’s email viewer and composer (implemented in SecEmailUI.apk) doesn’t sanitize HTML email content for scripts before rendering the data inside a WebView. This allows an attacker to execute arbitrary JavaScript when a user views an HTML email that contains HTML script tags or event handlers.

