Security News > 2020 > December > Many Android Apps Expose Users to Attacks Due to Failure to Patch Google Library
A vulnerability in the Google Play Core Library continues to impact many applications several months after official patches were released.
The Google Play Core Library allows Android developers to deliver updates to their applications at runtime, via the Google API, without requiring interaction from the user.
Google Chrome, Facebook, Snapchat, and WhatsApp are only some of the apps that use this library.
Tracked as CVE-2020-8913 and addressed in March 2020, the vulnerability is a path traversal that could result in local code execution "within the scope of any application that has the vulnerable version of the Google Play Core Library," Check Point explains.
An analysis performed by Check Point revealed that 13% of Google Play applications used the library, and that 8% of them had a vulnerable version.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-12 | CVE-2020-8913 | Path Traversal vulnerability in Android Play Core Library. A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. | 8.8 |