Geeks for your information News Privacy & Security News v
Google Play Apps Remain Vulnerable to High-Severity Flaw
Google Play Apps Remain Vulnerable to High-Severity Flaw
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,064 in 3,838 posts
Thanks Given: 6,200
Joined: 12 September 18
#1
Information  03 December 20, 15:30
Quote:Researchers are warning that several popular Google Play applications – including mobile browser app Edge and business app Cisco Teams – have yet to push out an important update addressing a high-severity vulnerability in the Google Play Core Library.
 
The vulnerability exists in Google Play Core Library, which is utilized by various popular applications like Google Chrome, Facebook and Instagram. This is essentially a gateway for interacting with Google Play services from within the application itself, allowing developers to carry out various processes like dynamic code loading, delivering locale-specific resources and interacting with Google Play’s review mechanisms.
 
The vulnerability (CVE-2020-8913) in the Google Play Core Library is a local, arbitrary code execution issue in the SplitCompat.install endpoint in of Android’s Play Core Library (in versions prior to 1.7.2). The flaw, which ranks 8.8 out of 10 on the CVSS v3 scale, making it high severity, was previously disclosed in late August. Google patched the flaw on April 6, 2020. However, in a report issued Thursday by Check Point researchers warned that the patch still needs to be pushed out by developers for several applications – and potentially still impacts hundreds of millions of Android users.
 
“Unlike server-side vulnerabilities, where the vulnerability is patched completely once the patch is applied to the server, for client-side vulnerabilities, each developer needs to grab the latest version of the library and insert it into the application,” said Aviran Hazum and Jonathan Shimonovich, security researchers with Check Point Research on Thursday.
 
In fact, as of September 2020, researchers found that 13 percent of Google Play applications used the Google Play Core Library –  and 8 percent of those apps had a vulnerable version. These include several popular apps, such as social app Viber, travel app Booking, business app Cisco Teams, navigation apps Yango Pro and Movit, dating apps Grindr, OKCupid and Bumble, mobile browser app Edge and utility apps Xrecorder and PowerDirector.
 
“Prior to this publication, we have notified all Apps about the vulnerability and the need to update the version of the library, in order not to be affected,” said researchers. “Further tests show Viber and Booking updated to the patched versions after our notification.”

Read more: https://threatpost.com/google-play-apps-...aw/161785/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Find
Reply


Messages In This Thread
Google Play Apps Remain Vulnerable to High-Severity Flaw - by silversurfer - 03 December 20, 15:30

Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
K-Lite Codec Pack 19.4.5 / 19.4.9 Update
Changes in 19.4.9 ...harlan4096 — 16:30
Brave 1.87.188 (Chromium 145.0.7632.76)
Release v1.87.188 ...harlan4096 — 16:29
Opera 127.0.5778.64
New update to Oper...harlan4096 — 16:28
INTEL Arc Graphics 32.0.101.8509 driver
INTEL Arc Graphics...harlan4096 — 16:27
Intel brings XeSS 3 Multi-Frame Generati...
Intel brings multi...harlan4096 — 16:25

[-]
Birthdays
Today's Birthdays
avatar (39)MezirLal
Upcoming Birthdays
avatar (38)showercurtains
avatar (49)PeterWhink
avatar (46)dimaWeami
avatar (39)TranoTymn
avatar (38)Michaelaburi
avatar (46)dpascoal
avatar (51)Ronaldduh
avatar (39)legalgauch
avatar (44)Baihu
avatar (27)RaseinsLikes

[-]
Online Staff
harlan4096's profile harlan4096
Administrator

>