[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Vulnerability in the Dropbox SDK for Android (CVE-2014-8889)

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Vulnerability in the Dropbox SDK for Android (CVE-2014-8889)
From: Roee Hay <roeeh@xxxxxxxxxx>
Date: Wed, 11 Mar 2015 15:40:03 +0200

Hi,

We have recently discovered a vulnerability in the Dropbox SDK for
Android. This vulnerability may enable theft of sensitive information
from apps that use the vulnerable Dropbox SDK both locally by malware
and also remotely by using drive-by exploitation techniques.

The vulnerability is identified as CVE-2014-8889.

We had privately reported the issue to the Dropbox team which soon
provided a fix with version 1.6.2 of the SDK.

More details are available at:

1. Blog post: http://ibm.co/1Hosb02
2. Whitepaper: http://bit.ly/1BqEwjo
3. Video demo: http://bit.ly/1GklNFO

Prev by Date: [SECURITY] [DSA 3182-1] libssh2 security update
Next by Date: ESA-2015-014: RSA® Digital Certificate Solution Multiple Vulnerabilities
Previous by thread: [SECURITY] [DSA 3182-1] libssh2 security update
Next by thread: ESA-2015-014: RSA® Digital Certificate Solution Multiple Vulnerabilities
Index(es):
- Date
- Thread