3/11/2024 0 Comments For ios instal LolitaGrindr told me that “we are grateful for the Check Point researcher who brought the vulnerability to our attention today. If you need convincing as to the severity of this, then let’s look at some of the apps that have just recently patched this vulnerability.ī told me “we can confirm we have already addressed this vulnerability with a patch to our Android app on November 11.” And Cisco confirmed that “on December 1, published software updates for the Cisco WebEx Teams mobile app for Android that include fixed versions of the Google Play Core Library that contains the security vulnerability.” This becomes a soft entry point to steal credentials for a corporate network, for example, or to track persons of interest. Or if a banking app is vulnerable, the attacker can steal credentials and even 2FA codes.”Ĭheck Point also warns that the vulnerability can be used to “inject code into enterprise applications to gain access to corporate resources or into social media applications to spy on the victim and use location access to track the device.” As ever, a vulnerability with a popular app installed on tens of millions of devices provides a large attack surface for a targeted campaign. For example, injecting code into a messenger to steal all messages, or send messages on the user’s behalf. The malicious payload will have the same access as the hosting application. “Users should be worried about the data stored inside or accessible to applications. So, should users be worried? Yes, according to Hazum. “During the month of September,” Check Point says, “13% of Google Play applications we analyzed used this library, and 8% of those apps had a vulnerable version.” Google patched the flaw in its Play Core Library way back in April, but a huge number of apps have not bothered to update the library within their own software.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |