AirDroid App Full Phone Takeover Vulnerability Fixed

Hey guys, I’m posting here just for record keeping but a vulnerability I found in the Android app AirDroid has been patched and now been made public. See this blog post for more:

http://www.bishopfox.com/blog/2015/04/airdroid-how-much-do-your-apps-know/

Technical Advisory:

http://www.bishopfox.com/news/2015/04/airdroid-web-application-authentication-flaw/

Video of exploit in action:

About the Author

Matthew Bryant (mandatory)

Matthew Bryant (mandatory)
Security researcher who needs to sleep more. Opinions expressed are solely my own and do not express the views or opinions of my employer.
Follow @mandatoryprogrammer
Read More

"Zero-Days" Without Incident - Compromising Angular via Expired npm Publisher Email Domains

**NOTE:** *If you're just looking for the high level points, see the"[The TL;DR Summary & High-LevelPoints](#the-tldr-summary--high-level...… Continue reading

Video Downloader and Video Downloader Plus Chrome Extension Hijack Exploit - UXSS via CSP Bypass (~15.5 Million Affected)

Published on February 22, 2019

Kicking the Rims – A Guide for Securely Writing and Auditing Chrome Extensions

Published on June 12, 2018