N/A

The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain sensitive fine-geolocation information, by leveraging control over one of a number of adult sites, as demonstrated by (1) freelifetimecheating.com and (2) www.babesroulette.com.

N/A

N/A

Android DrinkedIn BarFinder 权限许可和访问控制漏洞

DrinkedIn BarFinder application for Android是一套基于Android系统的用于查找附件酒吧和鸡尾酒配方的应用程序，它支持查看酒吧的详情、评价和指南等信息，并提供社交功能。 当使用Adobe PhoneGap 2.9.0及之前版本时，Android DrinkedIn BarFinder应用程序中存在安全漏洞。远程攻击者可利用该漏洞执行任意JS代码，获取敏感的fine-geolocation信息。

N/A

N/A