Advisory Details

April 29th, 2015

(Mobile Pwn2Own) Amazon App Store JavaScript Bridge Remote Code Execution Vulnerability

ZDI-15-159
ZDI-CAN-2632

CVE ID
CVSS SCORE 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P
AFFECTED VENDORS Amazon
AFFECTED PRODUCTS App Store
TREND MICRO CUSTOMER PROTECTION Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['17034']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS


This vulnerability allows remote attackers to execute arbitrary code on Amazon Fire Phone. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the methods that were exposed to the WebView. The IntentBridge class wraps IPC functions that allows an attacker to download and install a malicious application. A remote attacker can abuse this achieve remote code execution under the context of the process.
ADDITIONAL DETAILS


There was not an advisory posted and no patch required, the issue was fixed server side.
DISCLOSURE TIMELINE
  • 2014-11-12 - Vulnerability reported to vendor
  • 2015-04-29 - Coordinated public release of advisory
CREDIT MWR Labs
BACK TO ADVISORIES