The 2011 Pwnie Nominee For Best Client-Side Bug

Android web market XSS

Credit: Jon Oberheide

Jon Oberheide discovered an XSS vulnerability in the Android web market that allowed him to remotely install arbitrary applications with arbitrary permissions on a victim’s phone simply by tricking them into clicking a malicious link.