Android webview flaw may allow attack

WebView, a feature that displays web pages in Google's Android operating system, may serve as a ticket for hackers into an Android device, a security vendor warned.

AVG Security said the vulnerability may affect WebView control in devices running Android versions older than 4.2.

"This vulnerability makes a large number of Android applications act as a hacker pipeline into user’s devices and provides a way to install malicious software, send SMSs and more," AVG said.

It said that since WebView lets the user view a web app or a web page, it can potentially be used to interact with malicious web pages.

AVG said apps running Android 4.1 or older with the "addJavascriptInterface" can give attackers the opening they need to gain access to the Android device.

"Users can be infected when they click on a URL link using a vulnerable application that allows opening a Java enabled browser or web page. The device will automatically perform the malicious actions that were ordered in the malicious web page that contain those JavaScript commands," it said.

Because of this, AVG advised users not to download suspicious mobile applications from third-party markets, and "avoid clicking on suspicious links coming from strangers." — VC, GMA News