Sunday, October 17, 2021

8 Percent of Google Play apps vulnerable to an Older security bug

Must Read

Latin American crime cartels turn to crypto to clean up their cash

Back in April 2019, Mexican authorities detained suspected human trafficker Ignacio Santoyo at a lavish area of this Caribbean...

Cyber Helpline Receives Lottery Funding to Assist Growing Number of Victims

The Cyber Helpline, a volunteer organization that delivers emergency help to victims of cybercrime and cyber-stalking in the united...

Interpol has arrested a Moroccan hacker involved in various cyber-criminal activities

Interpol announced today that Moroccan authorities arrested a suspect Nicknamed as “Dr. HeX”. The two-year investigation, dubbed Operation Lyrebird by the...

Devs haven’t upgraded a vital library within their programs, leaving users vulnerable to harmful attacks. A number of those vulnerable programs comprise Microsoft’s Edge browser, including Grindr, OKCupid, and Cisco Teams.

Approximately 8 percent of Android programs to be found on the official Google Play Store are exposed to some security flaw in a favorite Android library, based on some scan performed this autumn by security company Check Point.

The security flaw resides in old versions of Play Core, a Java library offered by Google that programmers can embed within their programs to socialize with all the official Play Store portal site.

The Play Core library is quite popular as it may be used by program developers to download and install upgrades hosted on the Play Store, modules, language packs, or other programs.

Before this year, security researchers in Oversecured found a significant vulnerability (CVE-2020-8913) from the Play Core library a malicious program installed on an individual’s device might have mistreated to inject rogue code within other programs and steal sensitive information — including passwords, photographs, 2FA codes, and much more.

Google patched the bug in Play Core 1.7.2, published in March, but based on fresh findings published now by Check Point, maybe not all programmers have upgraded the Play Core library which ships with their programs, leaving their customers vulnerable to simple data pilfering attacks from anti programs installed on their apparatus.

By some study conducted by Check Point in September, six months following a Play Core limitation was made accessible, 13 percent of all of the Play Store programs were using this library, however, just 5 percent were using an upgraded (protected ) version, together with all the remainder leaving users vulnerable to attacks.

Programs that did their obligation to customers and upgraded the library comprised Facebook, Instagram, Snapchat, WhatsApp, and Chrome; but several different programs didn’t.

8 Percent of Google Play apps vulnerable to an Older security bug
Image Source:Checkpoint

Check Point investigators Aviran Hazum and Jonathan Shimonovich stated they informed each of the programs they discovered vulnerable to attacks through CVE-2020-8913, however, three weeks later, just Viber and bothered to patch their programs after their telling.

“All you have to do is to produce a hello world’ program that requires the exported intent from the vulnerable program to push a document to the confirmed files folder together with all the file-traversal path.

This study shows, once more, that while consumers could use an up-to-date variant of the programs, that does not necessarily indicate all a program’s internal components are up-to-date also, with applications supply chains frequently being in total disarray, even at a few of the planet’s largest software/tech companies.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

Leave a reply

Please enter your comment!
Please enter your name here

Latest News

Unified endpoint management automation software to boost endpoint security

Endpoints are constantly connected to the internet, so they offer a gateway for cyberattacks. Endpoint security is simply the process...

Attackers Using Morse Code in phishing campaign to Evade Detection

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign.Microsoft also revealed the workings of...

Murata Manufacturing suffers data breach of employees and customer

Japanese electronic components manufacturer Murata has released an apology Notice for the data breach of thousands of files in June that contained bank account...

Everything about Signalling System 7(SS7)

Signaling System 7 (SS7) is an international telecommunication protocol standard that controls and regulates the network elements in a public switched telephone network (PSTN)....

Zimbra flaw lets attackers access the mail servers

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to all sent and received emails...

More Articles Like This