Headline
CVE-2018-16135: Opera Mini Location Permission Spoof
The Opera Mini application 47.1.2249.129326 for Android allows remote attackers to spoof the Location Permission dialog via a crafted web site.
Technical
Advisory
Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.
Vulnerability
Opera Mini Location Permission Spoof Vulnerability
Vulnerability Description
A location permission spoof vulnerability was discovered in opera mini 47.1.2249.129326 for Android which allows an attacker to spoof location permission dialog box origined from attackers website while being on any legit website.
CVE ID
CVE-2018-16135
Vendor
https://www.opera.com/
Disclosure Timeline
02 August 2018 - Reported to vendor
18 August 2018 - Patch confimration received from vendor
Credits
Nikhil Mittal
Advisory
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16135