Security update available for the Adobe PhoneGap Push Plugin | APSB18-15

Bulletin ID | Date Published | Priority |
---|---|---|
APSB18-15 | April 10, 2018 | 3 |
Summary
Adobe has released an update for the Adobe PhoneGap Push plugin. This update resolves a Same-Origin Method Execution (SOME) vulnerability (CVE-2018-4943) that exists in PhoneGap apps built with the affected version of the Push plugin. This vulnerability could be exploited to trick users of PhoneGap apps into executing click events and other unintended user interactions.
Affected Versions
Product | Affected Versions | Platform |
---|---|---|
Adobe PhoneGap Push plugin | 1.8.0 and earlier versions | All |
Solution
Adobe categorizes this update with the following priority rating and recommends users update their installations to the newest versions:
Product | Updated Version | Platform | Priority rating | Availability |
---|---|---|---|---|
Adobe PhoneGap Push plugin | 2.1.0 | All | 3 | |
After updating to the latest version of the plugin, application authors should recompile any apps built with PhoneGap using the new plugin.
Vulnerability Details
Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
---|---|---|---|
Same-Origin Method Execution | JavaScript code execution in the context of the PhoneGap app | Important | CVE-2018-4943 |
Acknowledgements
Adobe would like to thank Juho Nurminen of 2NS - Second Nature Security Oy (CVE-2018-4943) for reporting this issue and for working with Adobe to help protect our customers.