Menu
Menu
Apache Cordova fixes flaw that could cause apps to crash

Apache Cordova fixes flaw that could cause apps to crash

It could also cause unwanted dialog boxes to appear

A flaw has been patched in Apache Cordova, a set of widely used APIs, that could cause Android apps to crash or unwanted dialog boxes displayed.

A flaw has been patched in Apache Cordova, a set of widely used APIs, that could cause Android apps to crash or unwanted dialog boxes displayed.

A fix has been released for a vulnerability in a widely used piece of code in Android devices, which could cause apps to crash or display unwanted dialog boxes.

The flaw lies in Apache Cordova, which is a set of APIs (application programming interfaces) that let developers access functions such as a camera or accelerometer using JavaScript, according to its website.

Trend Micro, which found the problem, wrote that 5.6 percent of apps in Google's Play store use Cordova and are vulnerable. iOS is not affected.

Apps using Cordova that "don't have explicit values set in Config.xml can have undefined configuration variables set by Intent," according to a description of the flaw on the Cordova website.

"This can cause unwanted dialogs appearing in applications and changes in the application behavior that can include the app force-closing," wrote Joe Bowser, a senior computer scientist at Adobe Systems, who works on Cordova for Android.

Seven Shen, a mobile threats analyst with Trend Micro who found the problem, wrote the flaw could be exploited by getting a person to click a URL.

Apps that use version 4.0.x or higher should move to 4.0.2 of Cordova. Another version of Cordova 3.7.2 has been released with a patch for apps that are on older versions of the code.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the CIO newsletter!

Error: Please check your email address.

Tags trend microApache CordovasecurityExploits / vulnerabilities

More about Adobe SystemsApacheGoogleTrend Micro

Show Comments
Computerworld
ARN
Techworld
CMO