Security News > 2020 > May > StrandHogg 2.0: Critical Android flaw allows app hijacking, data theft
Google has released a patch for CVE-2020-0096, a critical escalation of privilege vulnerability in Android that allows attackers to hijack apps on the victim's device and steal data.
Dubbed StrandHogg 2.0 because its similar to the StrandHogg vulnerability exploited by hackers in late 2019, it affects all but the latest version of Android.
Allows hackers to hijack nearly any app, i.e., to insert an overlay when the app is opened.
"Attackers looking to exploit StrandHogg 2.0 will likely already be aware of the original StrandHogg vulnerability and the concern is that, when used together it becomes a powerful attack tool for malicious actors," says Tom Lysemose Hansen, CTO and founder of Promon.
"Android users should update their devices to the latest firmware as soon as possible in order to protect themselves against attacks utilising StrandHogg 2.0. Similarly, app developers must ensure that all apps are distributed with the appropriate security measures in place in order to mitigate the risks of attacks in the wild," Hansen advises.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/zPLu6_vED20/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-14 | CVE-2020-0096 | Improper Privilege Management vulnerability in Google Android 8.0/8.1/9.0 In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy. | 7.2 |