Apache Cordova Cross-Application Scripting (XAS)
What is it?
A vulnerability affecting Android applications using Apache Cordova.
How does it work?
Should I be worried?
Yes. Apache Cordova is used in 5.8 percent of Android applications.
How can I prevent it?
As for the specific Cordova vulnerability, apply the latest patches and updates to Android apps. Developers should rapidly implement and deploy available security fixes. Large companies should consider product security incident response teams responsible for tracking and notifying developers of vulnerabilities.
Roee Hay is application security research team lead at IBM X-Force.