Mobile Phone / Hand-held Device
Loss of Integrity
No Vendor Response
Apache Cordova or PhoneGap contains a flaw that is due to the program not blocking third-party scripts included via <script> tags when their source domain is white listed, even if execute in a different domain's origin. This may allow a context-dependent attacker to bypass the same origin policy.
Currently, there are no known workarounds or vendor upgrades to correct this issue. However, the researchers who disclosed this issue have released 'NoFrak', which they claim fixes this vulnerability.
As with all third-party solutions, ensure they come from a reliable source and are permitted under your company's security policy.