CVE-2021-41256 The Android version of the Nextcloud news app has security issues (30-11-2021)

Preface: Nextcloud is a suite of client-server software for creating and using file hosting services. It is enterprise-ready with comprehensive support options. Being free and open-source software, anyone is allowed to install and operate it on their own private server devices.

Background: The Nextcloud News Reader App makes it possible to synchronize feeds between Android and the Nextcloud News App. In order to use this app , you will need to have a nextcloud instance running with the news app installed.

About Nextcloud 17. The main novelty of the new version of Nextcloud is that the addition of the “remote wipe” feature is very eye-catching. This allows users to delete files on mobile devices. The administrator will delete data from all devices of a given user.

Unlike Google Drive, Dropbox, Yandex.Disk and box.net services, the ownCloud and Nextcloud projects provide users with complete control over their data: the information is not tied to an external closed cloud storage system, but the user controls the device.

Vulnerability details: How to switch from the original first MainActivity to the ResultActivity we just generated? The answer is to use Intent,

In affected versions the Nextcloud News for Android app has a security issue by which a malicious application installed on the same device can send it an arbitrary Intent that gets reflected back, unintentionally giving read and write access to non-exported Content Providers in Nextcloud News for Android.

Remedy: Users should upgrade to version 0.9.9.63 or higher as soon as possible.

Observation: In Android, there are many specific security related issues that pertain only to certain technologies such as Activities or SQLite. If a developer does not have enough knowledge about each of the different security issues regarding each technology when designing and coding, then unexpected vulnerabilities may arise.

Repair details: please refer to the link https://github.com/nextcloud/news-android/commit/05449cb666059af7de2302df9d5c02997a23df85

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.