Added by inge gnue almost 8 years ago. Updated about 7 years ago.
0%
Description
https://www.bluecoat.com/security-blog/2016-04-25/android-exploit-delivers-dogspectus-ransomware
"Android device in a lab environment was hit with the ransomware when an advertisement containing hostile Javascript loaded from a Web page."
This makes me very concerned about using my Replicant phone at all.
The ideal situation would be an upgrade for all Replicant ports.
So far the only workaround, apart from an upgrade, looks like use of an adblocker or even better a javascript blocker in the browser. That's not to say that the ads couldn't also appear in a non http-browser app hosting ads, but thankfully most F-Droid apps are ad-free.
F-Droid currently has a few options:
Privacy Browser - a browser that lets you block javascript, cookies, and DOM storage
Tint Browser + Tint Browser Adblock Addon
AdAway for blocking ads within apps
Adblock Plus for blocking ads within apps
Zirco Browser - web browser with ad blocker
And DO NOT browse the web any other way.
It would be better if you would at least link to an article that describes the actual vulnerability and provides information about patches. If possible, providing the patches directly or linking to them would be the best way to report a security issue.
Looks like this is about the Towelroot vulnerability which was already discussed in #1047.