Researchers from Check Point Software Technologies have confirmed that widely used apps on the Google Play Store remain vulnerable to the known CVE-2020-8913 vulnerability, endangering hundreds of millions of Android users.
Many apps on the Google Play Store are still vulnerable to a known bug, CVE-2020-8913, which allows attackers to inject malicious code and gain access to all of the hosting app's resources. Attackers can thus use vulnerable apps to steal sensitive data, such as credentials, passwords, and payment information, from other applications on the same device.
First reported in late August by Oversecured researchers, the vulnerability allows an attacker to inject malicious code into vulnerable applications, granting access to all of the hosting app's resources and data, and therefore to the device hosting these apps. The flaw is rooted in Google's Play Core library, which allows developers to add in-app updates and new feature modules to their Android apps. The vulnerability makes it possible to add executable modules to any app that uses the library, meaning arbitrary code can be executed within that app. An attacker with a malicious app installed on the victim's device could steal all of the victim's private information.
Android Developers Must Update, Now!
Google acknowledged and patched the bug on April 6, 2020, with a severity rating of 8.8 out of 10. However, the patch only takes effect once developers integrate it into their own applications, so the threat is not completely eliminated until they do. Check Point selected a random set of common apps to see which developers had actually implemented the patch provided by Google.