Adobe Security Bulletin

Security update available for the Adobe PhoneGap Push Plugin | APSB18-15

Bulletin ID

Date Published

Priority

APSB18-15

April 10, 2018

3

Summary

Adobe has released an update for the Adobe PhoneGap Push plugin. This update resolves a Same-Origin Method Execution (SOME) vulnerability (CVE-2018-4943) that exists in PhoneGap apps built with the affected version of the Push plugin. This vulnerability could be exploited to trick users of PhoneGap apps into executing click events and other unintended user interactions.

Affected Versions

Product

Affected Versions

Platform

Adobe PhoneGap Push plugin

1.8.0 earlier versions

All

Solution

Adobe categorizes this update with the following priority rating and recommends users update their installations to the newest versions:

Product

Updated Version

Platform

Priority rating

Availability

Adobe PhoneGap Push plugin

2.1.0

All

3

Lưu ý:

After updating to the latest version of the plugin, application authors should recompile any apps built with PhoneGap using the new plugin.    

Vulnerability Details

Vulnerability Category

Vulnerability Impact

Severity

CVE Numbers

Same-Origin Method Execution

JavaScript code execution in the context of the PhoneGap app

Important

CVE-2018-4943

Acknowledgements

Adobe would like to thank Juho Nurminen of 2NS - Second Nature Security Oy (CVE-2018-4943) for reporting this issue and for working with Adobe to help protect our customers.

Adobe, Inc.

Nhận trợ giúp nhanh chóng và dễ dàng hơn

Bạn là người dùng mới?