Apache Cordova fixes flaw that could cause apps to crash
The flaw lies in Apache Cordova, which is a set of APIs (application programming interfaces) that let developers access functions such as a camera or accelerometer using JavaScript, according to its website.
Trend Micro, which found the problem, wrote that 5.6 percent of apps in Google's Play store use Cordova and are vulnerable. iOS is not affected.
Apps using Cordova that "don't have explicit values set in Config.xml can have undefined configuration variables set by Intent," according to a description of the flaw on the Cordova website.
"This can cause unwanted dialogs appearing in applications and changes in the application behavior that can include the app force-closing," wrote Joe Bowser, a senior computer scientist at Adobe Systems, who works on Cordova for Android.
Seven Shen, a mobile threats analyst with Trend Micro who found the problem, wrote the flaw could be exploited by getting a person to click a URL.
Apps that use version 4.0.x or higher should move to 4.0.2 of Cordova. Another version of Cordova 3.7.2 has been released with a patch for apps that are on older versions of the code.
Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk