Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106. This vulnerability could allow an attacker to execute arbitrary Javascript code on a target system.
For the attack to be successful, the targeted user would need to browse to a malicious website or a website serving the malicious code through Xamarin.Forms.
The security update addresses this vulnerability by preventing the malicious Javascript from running in the WebView.
No PoCs from references.
- https://github.com/404notf0und/CVE-Flow
- https://github.com/hungxtran/XF_WebViewEventsNotFired