Friday, July 23, 2021

8 Percent of Google Play apps vulnerable to an Older security bug

Must Read

WAPDropper malware abuses Android devices for WAP fraud

New WAPDropper malware signals users up to premium services supplied from telecoms from Thailand and Malaysia. Security researchers have discovered...

Brave browser disables Google’s FLoC ad-tracking technology

Brave, a Chromium-based browser, has removed FLoC, Google's controversial alternative identifier to third-party cookies for tracking users across websites. Brave...

LinkedIn officially signs EU’s Code against Online Hate speech takedown

Microsoft-owned LinkedIn is committed to doing more for the quick removal of illegal hate speech on its platform in...

Devs haven’t upgraded a vital library within their programs, leaving users vulnerable to harmful attacks. A number of those vulnerable programs comprise Microsoft’s Edge browser, including Grindr, OKCupid, and Cisco Teams.

Approximately 8 percent of Android programs to be found on the official Google Play Store are exposed to some security flaw in a favorite Android library, based on some scan performed this autumn by security company Check Point.

The security flaw resides in old versions of Play Core, a Java library offered by Google that programmers can embed within their programs to socialize with all the official Play Store portal site.

The Play Core library is quite popular as it may be used by program developers to download and install upgrades hosted on the Play Store, modules, language packs, or other programs.

Before this year, security researchers in Oversecured found a significant vulnerability (CVE-2020-8913) from the Play Core library a malicious program installed on an individual’s device might have mistreated to inject rogue code within other programs and steal sensitive information — including passwords, photographs, 2FA codes, and much more.

Google patched the bug in Play Core 1.7.2, published in March, but based on fresh findings published now by Check Point, maybe not all programmers have upgraded the Play Core library which ships with their programs, leaving their customers vulnerable to simple data pilfering attacks from anti programs installed on their apparatus.

By some study conducted by Check Point in September, six months following a Play Core limitation was made accessible, 13 percent of all of the Play Store programs were using this library, however, just 5 percent were using an upgraded (protected ) version, together with all the remainder leaving users vulnerable to attacks.

Programs that did their obligation to customers and upgraded the library comprised Facebook, Instagram, Snapchat, WhatsApp, and Chrome; but several different programs didn’t.

8 Percent of Google Play apps vulnerable to an Older security bug
Image Source:Checkpoint

Check Point investigators Aviran Hazum and Jonathan Shimonovich stated they informed each of the programs they discovered vulnerable to attacks through CVE-2020-8913, however, three weeks later, just Viber and Booking.com bothered to patch their programs after their telling.

“All you have to do is to produce a hello world’ program that requires the exported intent from the vulnerable program to push a document to the confirmed files folder together with all the file-traversal path.

This study shows, once more, that while consumers could use an up-to-date variant of the programs, that does not necessarily indicate all a program’s internal components are up-to-date also, with applications supply chains frequently being in total disarray, even at a few of the planet’s largest software/tech companies.

a2434345d63481a40f0d145881b41013?s=96&d=mm&r=g
Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

OAIC: Uber found to have interfered with the privacy of over 1.2 million Australians

The Office of the Australian Information Commissioner (OAIC) has determined that Uber Technologies, Inc. and Uber B.V. have interfered...

Over 80 US Municipalities data are exposed due to Misconfigured Amazon S3

A team of Cybersecurity researchers at Wizcase found major data exposure of Over 80 US Municipalities due to the Misconfigured Amazon S3 Bucket. This happened...

Formbook malware Upgraded as an XLoader malware to Attack macOS Systems

Researchers have spotted an upgraded malware variant of Formbook malware which is now Upgraded as an XLoader malware to Attack macOS Systems. Cybersecurity researchers on...

Millions of HP, Samsung, Xerox Printers are Vulnerable to 16 year old bug

A 16-year-old security vulnerability affects Millions of HP, Samsung, Xerox Printers Driver allows attackers to gain admin rights on systems using the vulnerable driver...

MosaicLoader malware targets cracked software via SEO poisoning

New MosaicLoader malware targets users that are searching to download cracked software. Cybercriminals run ad campaigns in search engine results to boost their malicious...

More Articles Like This