Adobe has released an update for the Adobe PhoneGap Push plugin. This update resolves a Same-Origin Method Execution (SOME) vulnerability (CVE-2018-4943) that exists in PhoneGap apps built with the affected version of the Push plugin. This vulnerability could be exploited to trick users of PhoneGap apps into executing click events and other unintended user interactions.
Adobe categorizes this update with the following priority rating and recommends users update their installations to the newest versions:
Product | Updated Version | Platform | Priority rating | Availability |
---|---|---|---|---|
Adobe PhoneGap Push plugin | 2.1.0 | All | 3 | GitHub |
Note:
After updating to the latest version of the plugin, application authors should recompile any apps built with PhoneGap using the new plugin.
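To find apps that still need the update and recompile described in the note, the following added example (not code from Adobe or the plugin project) checks the Push plugin version an app declares against the updated version 2.1.0. It assumes the plugin's package id is `phonegap-plugin-push` and that the app declares it in `package.json` and/or `config.xml`; the function names and sample file contents are constructed for illustration, and a range such as `^2.0.0` is judged by the lowest version it allows.

```javascript
// Added example (not Adobe's code): flag declared Push plugin versions older than 2.1.0.
// Assumption: the plugin's package id is "phonegap-plugin-push".
const PLUGIN_ID = 'phonegap-plugin-push';
const FIXED = [2, 1, 0]; // updated version named in the advisory

// Lowest version a spec such as "^2.0.0", "~1.9.4" or "2.1.0" can resolve to.
// Returns null for specs that do not start with x.y.z (git URLs, tags, "latest").
function lowestVersion(spec) {
  const m = /^[\^~>=v\s]*(\d+)\.(\d+)\.(\d+)/.exec(spec || '');
  return m ? m.slice(1, 4).map(Number) : null;
}

function classify(spec) {
  const v = lowestVersion(spec);
  if (!v) return 'unknown'; // needs a manual look at the installed plugin
  for (let i = 0; i < 3; i++) {
    if (v[i] !== FIXED[i]) return v[i] < FIXED[i] ? 'outdated' : 'ok';
  }
  return 'ok';
}

function auditPushPlugin(packageJsonText, configXmlText) {
  const findings = [];
  const pkg = JSON.parse(packageJsonText);
  for (const field of ['dependencies', 'devDependencies']) {
    const spec = pkg[field] && pkg[field][PLUGIN_ID];
    if (spec) findings.push({ source: `package.json ${field}`, spec, status: classify(spec) });
  }
  // config.xml: <plugin name="..." spec="..."/>; attribute order is not fixed.
  for (const tag of configXmlText.match(/<plugin\b[^>]*>/g) || []) {
    if (!new RegExp(`\\bname="${PLUGIN_ID}"`).test(tag)) continue;
    const attr = /\b(?:spec|version)="([^"]*)"/.exec(tag);
    const spec = attr ? attr[1] : '';
    findings.push({ source: 'config.xml', spec, status: classify(spec) });
  }
  return findings;
}

// Constructed sample project files (not taken from a real app).
const samplePackageJson = JSON.stringify({
  name: 'demo-app',
  dependencies: { 'cordova-android': '^7.0.0', 'phonegap-plugin-push': '^2.0.0' },
});
const sampleConfigXml = `<widget id="com.example.demo">
  <plugin name="cordova-plugin-device" spec="^2.0.1" />
  <plugin spec="2.1.0" name="phonegap-plugin-push" />
</widget>`;

auditPushPlugin(samplePackageJson, sampleConfigXml).forEach((f) => console.log(`${f.status.padEnd(8)} ${f.source}: ${f.spec}`));
```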
Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
---|---|---|---|
Same-Origin Method Execution | JavaScript code execution in the context of the PhoneGap app | Important | CVE-2018-4943 |
Adobe would like to thank Juho Nurminen of 2NS - Second Nature Security Oy (CVE-2018-4943) for reporting this issue and for working with Adobe to help protect our customers.