#mobile

2 posts tagged with mobile.

The goldmine of insecure WebView integrations

WebViews in mobile web3 wallets can quietly inherit the permissions granted to the wallet app itself. We found 20+ major wallets where a malicious dApp could access core permissions without authorization.
Bruno Halltari, Caue Obici, Nikolaos Mourousias

Patch gap to mobile renderer RCE: pwning Samsung Internet's V8 on the Galaxy S25

Samsung Internet on the Galaxy S25 shipped a six-month-old version of V8, exposing it to publicly known bugs. Learn how we exploited a bytecode interpreter vulnerability to achieve renderer RCE and universal XSS in the browser.
Hrvoje Mišetić, Jamie Hill-Daniel, William Liu