Android apps with millions of downloads are vulnerable to serious attacks

by
Dan Goodin
from Ars Technica - All content on (#5B7JH)
android-rage-out-640x360.jpg

Enlarge (credit: Aurich Lawson)

Android apps with hundreds of millions of downloads are vulnerable to attacks that allow malicious apps to steal contacts, login credentials, private messages, and other sensitive information. Security firm Check Point said that the Edge Browser, the XRecorder video and screen recorder, and the PowerDirector video editor are among those affected.

The vulnerability actually resides in the Google Play Core Library, which is a collection of code made by Google. The library allows apps to streamline the update process by, for instance, receiving new versions during runtime and tailoring updates to an individual app's specific configuration or a specific phone model the app is running on.

A core vulnerability

In August, security firm Oversecured disclosed a security bug in the Google Play Core Library that allowed one installed app to execute code in the context of any other app that relied on the vulnerable library version.

Read 7 remaining paragraphs | Comments

index?i=o9vCWVn_2O8:lrnKVZlaNlI:V_sGLiPB index?i=o9vCWVn_2O8:lrnKVZlaNlI:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments