Vulnerability Abstract

Title: Vulnerability in NetEase Reader (网易阅读) for Android
Time: 29 Feb 2012
Author: Daoyuan Wu*, Xiapu Luo* and Rocky K. C. Chang
Department of Computing, The Hong Kong Polytechnic University, Hong Kong
* authors with equal contributions
CVE ID: CVE-2012-1383
Category: Newly Released
Related Vendor: NetEase.com, Inc.

Application Information

Archive Time: Feb 29, 2012 at 6:01 PM HKT
Package Name: com.netease.pris
Full Name: NetEase Reader (网易阅读)
Affected Version: 1.1.2 Dec 5th 2011 17:00 and 1.2.0 Feb. 10th 2012 17:00 (the latest version in 29 Feb 2012)
Package Installs: 10,000 - 50,000
Market Link: https://market.android.com/details?id=com.netease.pris
Update Log: 1.2.1 Feb. 29th 2012 17:00, the latest version in Mar 14 2012 HKT, also has this vulnerability!

Vulnerability Details

Status: Details only release to related vendor.

Vendor Response

Contact Time: Feb 29, 2012 at 8:15 PM HKT
Confirm Time: Mar 1, 2012 at 6:41 PM HKT
Patched Time: April 1, 2012
Patched Status: Has patched the vulnerability in version 1.2.2 Mar. 31th 2012 17.

Important Notes

Although we only mention one or several affected version in our report, other versions may also be vulnerable, e.g. lower version, pad version or paid version.

Related Vulnerabilities