App Javascript Vulnerabilities

Fireeye has an infographic where they share the results of analysing 7 million Android and iOS apps. 31% of Android apps were found to be vulnerable to Javascript-Binding-Over HTTP (JBOH). iOS was found to be the ‘next frontier’ for cyber criminals with Universal Cross Site Scripting (UXSS) and sideloaded apps via Apple’s Enterprise Program being of particular concern.

fireeyevulnerableapps

So what’s JBOH? I think it’s another name for vulnerabilities in webviews that I have been documenting for a long time now.