Security News > 2020 > December > Popular Android apps still vulnerable to patched security flaw
First reported in late August by researchers at Oversecured and since analyzed by cyber threat intelligence provider Check Point, a recent flaw affecting several Android apps points to this patch-applying dilemma.
After alerting the developers of these apps to the flaw, the Viber and Booking apps have since been patched, according to Check Point.
"As we understand it, in order for this vulnerability to have been exploited, a user must have been tricked into downloading a malicious app onto their phone that is specifically tailored to exploit the Grindr app. As part of our commitment to improving the safety and security of our service, we have partnered with HackerOne, a leading security firm, to simplify and improve the ability for security researchers to report issues such as these."
"Although Google implemented a patch, many apps are still using outdated Play Core libraries. The vulnerability CVE-2020-8913 is highly dangerous. If a malicious application exploits this vulnerability, it can gain code execution inside popular applications, obtaining the same access as the vulnerable application."
Naturally, Check Point recommends its own SandBlast Mobile app, but you'll find other security apps in Google Play from a variety of reputable and reliable vendors.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-12 | CVE-2020-8913 | Path Traversal vulnerability in Android Play Core Library A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. | 8.8 |