Security News > 2020 > December > Many Android Apps Expose Users to Attacks Due to Failure to Patch Google Library

Many Android Apps Expose Users to Attacks Due to Failure to Patch Google Library
2020-12-04 14:21

A vulnerability in the Google Play Core Library continues to impact many applications several months after official patches were released.

The Google Play Core Library allows Android developers to deliver updates to their applications at runtime, via the Google API, without requiring interaction from the user.

Google Chrome, Facebook, Snapchat, and WhatsApp are only some of the apps that use this library.

Tracked as CVE-2020-8913 and addressed in March 2020, the vulnerability is a path traversal that could result in local code execution "Within the scope of any application that has the vulnerable version of the Google Play Core Library," Check Point explains.

An analysis performed by Check Point revealed that 13% of Google Play applications used the library, and that 8% of them had a vulnerable version.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/W75f2mdePg0/many-android-apps-expose-users-attacks-due-failure-patch-google-library

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-08-12 CVE-2020-8913 Path Traversal vulnerability in Android Play Core Library
A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2.
network
low complexity
android CWE-22
8.8
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 141 996 4899 2857 1622 10374
Android 4 0 17 2 0 19