Credit: Jon Oberheide
Jon Oberheide discovered an XSS vulnerability in the Android web market that allowed him to remotely install arbitrary applications with arbitrary permissions on a victim’s phone simply by tricking them into clicking a malicious link.