Intent URI Scheme
Dolphin Browser for Android
The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malicious Intent URI, in order to invoke private Activities within the Dolphin Browser.
Mobotap has not issued a reponse nor an update to remediate this vulnerability.
2017-11-28 - Reached out on Twitter and asked to speak with someone who is responsible for product security 2017-12-04 - Emailed requesting to speak with someone who can address security issues in the Dolphin Browser for Android, no response 2017-12-07 - Emailed to verify initial email was received, no response 2017-12-10 - Emailed to inform the public release of an advisory, CC'ed [email protected] and received a bounce on the email address 2017-12-11 - Public zero day release of advisory
Offensive Minded Security Exploit Development