cyberotter on Nostr: "[...] this vulnerability requires the ability and opportunity to install a malicious ...
"[...] this vulnerability requires the ability and opportunity to install a malicious app on the target device, which would indicate a complete compromise or the ability to execute code on the targeted device."
Further, this applies while opening a login via Webview instead of your native browser.
You should be fine as long as you don't grant a shady app the auto-fill permission.
Published at
2023-12-11 16:00:06Event JSON
{
"id": "06bdea7fd2140ae0272f7baffd1ae31bfc91827bc8bdc3e5b23617d0dc029f93",
"pubkey": "066f78e4c54ffd29013c829bf6bc9763296e7059055603ea3773efa30ff61068",
"created_at": 1702310406,
"kind": 1,
"tags": [
[
"e",
"8642b466cb271cd6708d3c996696f7f002b304194da28b8713d6343d05d14c23",
"",
"root"
],
[
"e",
"5e72c72c7e0a6af9d9925a96e8bc58949260498e912eeeb7a4c73ad5308d3c36"
],
[
"e",
"0b9764362c7c0277e765d0337f529c373eddd6129077b82c702af2a69f4130d3",
"",
"reply"
],
[
"p",
"4eb88310d6b4ed95c6d66a395b3d3cf559b85faec8f7691dafd405a92e055d6d"
],
[
"p",
"45b35521c312a5da4c2558703ad4be3d2e6d08c812551514c7a1eb7ab5fa0f04"
],
[
"p",
"e1346ed3dc0a8854bbd7cb7c4b4e6c6fa3e6894a122adf4df6a6d0ff6fa11922"
]
],
"content": "\"[...] this vulnerability requires the ability and opportunity to install a malicious app on the target device, which would indicate a complete compromise or the ability to execute code on the targeted device.\"\n\nFurther, this applies while opening a login via Webview instead of your native browser.\n\nYou should be fine as long as you don't grant a shady app the auto-fill permission.",
"sig": "51738d4b88a02695f7b29bac5c7a247717bf0494b3b54b5a4a814025efeb118ca1e564b15310fa51a67c058c6ad0e34238c1b81a274cbf1931136f86fc3c6a56"
}
