CVE-2024-46966
📋 TL;DR
This vulnerability allows attackers to execute arbitrary JavaScript code through the MainActivity component in the Video Downloader Pro & Browser Android app. It affects all users running versions up to 1.0.42 of the application on Android devices. The exploit enables remote code execution within the app's context.
💻 Affected Systems
- Video Downloader Pro & Browser (mn.ikhgur.khotoch)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the Android device, data theft, installation of malware, and unauthorized access to device resources and user data.
Likely Case
Theft of user data stored by the app, session hijacking, and potential access to device permissions granted to the application.
If Mitigated
Limited impact if the app runs with minimal permissions and sandboxing prevents escalation, though data held by the app remains at risk.
🎯 Exploit Status
Exploitation requires delivering malicious JavaScript to the app's MainActivity component, which can be done via various attack vectors.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None known
Restart Required: No
Instructions:
Uninstall the application immediately. Check the Google Play Store for updated versions; no official patch was confirmed at the time of analysis.
🔧 Temporary Workarounds
Uninstall Application
Platform: Android
Remove the vulnerable application from all Android devices.
adb uninstall mn.ikhgur.khotoch
Disable App Permissions
Platform: Android
Revoke all permissions from the application in Android settings to limit potential damage.
🧯 If You Can't Patch
- Isolate affected devices from sensitive networks and data.
- Monitor for unusual app behavior or network connections from the device.
🔍 How to Verify
Check if Vulnerable:
Check the installed app version in Android settings or with 'adb shell dumpsys package mn.ikhgur.khotoch | grep versionName'.
Check Version:
adb shell dumpsys package mn.ikhgur.khotoch | grep versionName
Verify Fix Applied:
Confirm that the app is uninstalled, or that its version is above 1.0.42 once an update becomes available.
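The version check above, as an added shell example that is not part of this advisory: it parses the versionName line from dumpsys output and compares it numerically against 1.0.42 (a plain string compare would misorder 1.0.9 and 1.0.42). The function names and the SAMPLE_DUMPSYS text are constructed for this example.

```shell
# Added example, not from the advisory: classify an installed build of the affected
# package as inside or outside the advisory's range (versionName <= 1.0.42) from
# the output of `adb shell dumpsys package <pkg>`.
PKG="mn.ikhgur.khotoch"
LAST_AFFECTED="1.0.42"   # versions up to and including this are affected

# Print the first versionName= value in dumpsys output read from stdin.
# tr strips the CR that some adb versions emit at line ends.
extract_version_name() {
    tr -d '\r' | sed -n 's/^[[:space:]]*versionName=\([^[:space:]]*\).*/\1/p' | head -n 1
}

# True (exit 0) when dotted version $1 <= $2. Components are compared as
# numbers so that 1.0.9 < 1.0.42; a plain string comparison gets this wrong.
version_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".");
        n = (na > nb) ? na : nb;
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0;  # missing components count as 0
            yi = (i <= nb) ? y[i] + 0 : 0;
            if (xi < yi) exit 0;
            if (xi > yi) exit 1;
        }
        exit 0;
    }'
}

# Read dumpsys output from stdin; print not-installed (no versionName line),
# vulnerable (versionName <= 1.0.42) or not-affected (anything above it).
classify_dumpsys() {
    v=$(extract_version_name)
    if [ -z "$v" ]; then echo "not-installed"
    elif version_le "$v" "$LAST_AFFECTED"; then echo "vulnerable"
    else echo "not-affected"
    fi
}

# Live check against the connected device (needs adb on PATH and USB debugging).
check_device() {
    adb shell dumpsys package "$PKG" | classify_dumpsys
}

# Constructed sample of the relevant dumpsys lines (not a real device capture).
SAMPLE_DUMPSYS='  Package [mn.ikhgur.khotoch]:
    versionCode=42 minSdk=21 targetSdk=33
    versionName=1.0.42'
```

Run `check_device` with a device attached, or pipe saved dumpsys output into `classify_dumpsys` for offline triage of several devices.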
📡 Detection & Monitoring
Log Indicators:
- Unusual JavaScript execution in app logs
- Unexpected network connections from the app
Network Indicators:
- Suspicious outbound connections from the app to unknown domains
SIEM Query:
Not applicable for typical mobile app monitoring; focus on device management logs.