Number: IRCNE2015082605
Date: 2015/08/18
According to “zdnet”, a security flaw allows third-party applications to bypass sandbox restrictions in the Google Admin console has been disclosed.
Posted on Full Disclosure on Friday, Rob Miller, senior security researcher, from MWR Labs says the flaw, found within Google's Android Admin application, allows third-party apps to bypass sandbox restrictions and read arbitrary files through symbolic links.
If the console received a URL through an IPC call from another application on the same device, the Android app loads this link in WebView. However, if an attacker used a file:// URL which pointed to a domain they controlled, then it is possible that symbolic links bypass Same Origin Policy and is able to retrieve data out of the Google Admin sandbox.
Therefore, if a third-party app has been installed which is untrusted or malicious, attackers controlling the app will be able to read data out of any file within the Google Admin sandbox.
At the time of disclosure, no updated version of the Google Admin application has been released. To reduce the risk of exploit in the interim, devices with Google Admin installed should not install or use any third-party applications which are not trusted.
- 3