Security of Millions At Risk Due to Unpatched Android Apps


Several high-profile third-party Android apps still aren’t using the latest version of Google’s app update library, jeopardizing hundreds of millions of smartphone users’ security.


Oversecured, a mobile app security company, discovered a severe vulnerability in Google’s Play Core Library that allows malicious apps to execute code in legitimate apps. The vulnerability was assigned CVE-2020-8913 and rated 8.8/10 for severity. It mainly affected Android Play Core Library versions released before 1.7.2.


The vulnerability was patched back in March 2020. However, according to the latest report from Check Point Research, many third-party Android apps still use the unpatched version of the library.


According to Aviran Hazum, the Manager of Mobile Research at Check Point, the security of “hundreds of millions of Android users” is at risk.



“The vulnerability CVE-2020-8913 is highly dangerous, [and] the attack possibilities here are only limited by a threat actor’s imagination,” Hazum stated in a report.


Some of the apps have over 250 million downloads. Researchers claim that most app developers haven’t yet integrated the new Google Play Core Library to mitigate the threat.


Check Point explained that for server-side vulnerabilities, patching is simpler because the patch has to be applied to the server only once. But for client-side vulnerabilities like the one identified in the Google library, every developer must grab the library’s patched version and integrate it into the application.
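A check a developer could run over a Gradle build script to confirm the app declares a Play Core version at or above 1.7.2; this is an added example, not code from Check Point, Oversecured or Google. The Maven coordinate `com.google.android.play:core`, the function names and the sample build script are assumptions of this example and do not appear in the report.

```python
import re

# Maven coordinate of Play Core (not stated on the page; assumption of this example).
ARTIFACT = "com.google.android.play:core"
FIXED = (1, 7, 2)  # the page: versions released before 1.7.2 are affected

# Groovy and Kotlin DSL string notation: 'group:name:version' or "group:name:version".
DEP_RE = re.compile(r"""["']""" + re.escape(ARTIFACT) + r""":([^"']+)["']""")


def parse_version(text):
    """Return (major, minor, patch), or None for dynamic or variable versions."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(p or 0) for p in m.groups()) if m else None


def audit_gradle(source):
    """Return (line number, declared version, status) per Play Core declaration."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith("//"):  # skip commented-out declarations
            continue
        for m in DEP_RE.finditer(line):
            version = parse_version(m.group(1))
            if version is None:
                status = "unresolved"  # e.g. 1.+ or $variable: resolve it by hand
            elif version < FIXED:  # tuple comparison, so 1.10.0 > 1.7.2
                status = "vulnerable"
            else:
                status = "patched"
            findings.append((lineno, m.group(1), status))
    return findings


# Constructed sample build script, not taken from any real app.
# The core-ktx line is a different coordinate and is deliberately not matched.
SAMPLE = """\
dependencies {
    implementation 'com.google.android.play:core:1.6.4'
    // implementation 'com.google.android.play:core:1.5.0'
    implementation("com.google.android.play:core:1.7.2")
    implementation "com.google.android.play:core:$playCoreVersion"
    implementation 'com.google.android.play:core:1.+'
    implementation 'com.google.android.play:core-ktx:1.8.1'
}
"""

if __name__ == "__main__":
    for lineno, declared, status in audit_gradle(SAMPLE):
        print(f"line {lineno}: {ARTIFACT}:{declared} -> {status}")
```

Declarations reported as unresolved need the effective version confirmed from the build's resolved dependency output, since a dynamic or variable version can still resolve to a release before 1.7.2.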



The apps still vulnerable to hacking include: