Mobile Phone / Hand-held Device
Loss of Integrity
No Vendor Response
Apache Cordova and PhoneGap contain a flaw that is triggered during substring matching. This may allow a context-dependent attacker to bypass whitelist protection mechanisms.
Currently, there are no known workarounds or vendor upgrades to correct this issue. However, the researchers who disclosed this issue have released 'NoFrak', which they claim fixes this vulnerability.
As with all third-party solutions, ensure they come from a reliable source and are permitted under your company's security policy.