Infosec bods from Check Point have discovered that popular apps are still running outdated versions of Google’s Play Core library for Android - versions that contained a remote file inclusion vulnerability.
While Google patched the vuln in April, long before its public disclosure, Check Point found in recent research that it was still present in some Android apps.
These included Cisco Teams, dating apps such as Grindr, OKCupid and Bumble, and navigation app Moovit among others.
“The vulnerability allows a threat actor to inject malicious code into vulnerable applications, granting access to all the same resources on the user’s phone as the hosting application,” said Check Point in a statement.
The vuln, CVE-2020-8913, was first uncovered in August by researchers at Oversecured. They found that the Play Core Library, ..
Support the originator by clicking the read the rest link below.
