Security News > 2022 > May > Microsoft finds severe bugs in Android apps from large mobile providers
Microsoft security researchers have found high severity vulnerabilities in a framework used by Android apps from multiple large international mobile service providers.
"The apps were embedded in the devices' system image, suggesting that they were default applications installed by phone providers," according to security researchers Jonathan Bar Or, Sang Shin Jung, Michael Peck, Joe Mansour, and Apurva Kumar of the Microsoft 365 Defender Research Team.
While the vendors Microsoft reached out to have already updated their apps to address the bugs before the security flaws were disclosed today to protect their customers from attacks, apps from other telcos also use the same buggy framework.
"Several other mobile service providers were found using the vulnerable framework with their respective apps, suggesting that there could be additional providers still undiscovered that may be impacted," the researchers added.
Microsoft added that some Android devices might also be exposed to attacks trying to abuse these flaws if an Android app was installed "By several mobile phone repair shops."
Microsoft didn't reply to a request for sharing the complete list of affected apps and mobile providers when BleepingComputer reached out earlier today.