Metasploit: Major Android Bug is a Privacy Disa... | SecurityStreet
On the night of September 7, 2014, Joe Vennix of Rapid7's Metasploit Products team wrote, "I did not believe this at first, but after some testing it seems true: in AOSP browser before Android 4.4, you can load javascript into any arbitrary frame or window [...]" and provided a Metasploit module to…