Security News > 2020 > December > Many Android Apps Expose Users to Attacks Due to Failure to Patch Google Library

A vulnerability in the Google Play Core Library continues to impact many applications several months after official patches were released.
The Google Play Core Library allows Android developers to deliver updates to their applications at runtime, via the Google API, without requiring interaction from the user.
Google Chrome, Facebook, Snapchat, and WhatsApp are only some of the apps that use this library.
Tracked as CVE-2020-8913 and addressed in March 2020, the vulnerability is a path traversal that could result in local code execution "within the scope of any application that has the vulnerable version of the Google Play Core Library," Check Point explains.
An analysis performed by Check Point revealed that 13% of Google Play applications used the library, and that 8% of them had a vulnerable version.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK
---|---|---|---
2020-08-12 | CVE-2020-8913 | Path Traversal vulnerability in Android Play Core Library: A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. | 8.8