XSS Vulnerability injected through Google Analytics, executed in IOS’s Gmail application

Roy Castillo, a security researcher from the Philippines, identified a cross-site scripting (XSS) vulnerability in the Gmail application for iOS. The vulnerability was found in the mail attachment feature and needed no user interaction to be triggered. In a post on his blog, Roy Castillo explains how he managed to exploit this vulnerability. After logging […]

Read More →