Microsoft finds ‘dirty stream’ security flaw in several Android apps

Microsoft discovered a major security vulnerability in several Android apps last week that could be exploited to gain unauthorized access to apps and sensitive data on the device. Interestingly, this security flaw does not come from the system code, but rather from developers' improper use of a particular system, which can lead to exploitable flaws. Notably, the flaw has been reported to Google, and the tech giant has taken steps to make the Android app developer community aware of the issue.

In a post on its security blog, the Microsoft Threat Intelligence team said, “Microsoft has discovered a path traversal-associated vulnerability pattern in several popular Android applications that could enable a malicious application to overwrite files in the home directory of a vulnerable application.” The researchers also highlighted that the vulnerability was observed in several apps in the Google Play Store, which had a combined total of more than four billion installations.

This vulnerability emerges when a developer misuses Android’s content provider system, which is designed to secure data exchange between different apps on a device. The system includes data isolation, URI permissions, path validation, and other security measures to prevent unauthorized access to the app by users or any other person. However, improper implementation of the system affects a component called custom intents. These are messaging objects that conduct two-way communication between different apps. When this vulnerability exists, apps can bypass security measures and allow other apps (or hackers who control them) to access sensitive data stored in them.
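One way a receiving app can apply the path validation mentioned above to a file name supplied by another app, shown as an added example in plain Java; it is not code from Microsoft, Google or any affected app. The class, method and parameter names and the sample file names are assumptions made for illustration.

```java
import java.io.File;
import java.io.IOException;

public class SafeSharedFileTarget {

    // Decide where an incoming file may be written.
    // baseDir: the receiver's own directory for incoming files (assumed name).
    // untrustedName: the file name reported by the sending app (assumed name).
    static File resolve(File baseDir, String untrustedName) throws IOException {
        if (untrustedName == null || untrustedName.isEmpty()) {
            throw new IOException("missing file name");
        }
        // Keep only the last path segment, so directory parts are discarded.
        String name = untrustedName.replace('\\', '/');
        name = name.substring(name.lastIndexOf('/') + 1);
        if (name.isEmpty() || name.equals(".") || name.equals("..")) {
            throw new IOException("rejected file name: " + untrustedName);
        }
        // Defence in depth: canonicalise (resolves ".." and symlinks) and
        // confirm the result is still inside baseDir before any write.
        File base = baseDir.getCanonicalFile();
        File target = new File(base, name).getCanonicalFile();
        if (!target.toPath().startsWith(base.toPath())) {
            throw new IOException("path escapes " + base);
        }
        return target;
    }

    public static void main(String[] args) {
        File base = new File(System.getProperty("java.io.tmpdir"), "incoming");
        // Constructed sample names, not taken from any real app.
        String[] samples = { "report.pdf", "../shared_prefs/settings.xml",
                             "/data/data/com.example.app/files/lib.so",
                             "..", "a/../../b.txt" };
        for (String s : samples) {
            try {
                // Traversal-style names are reduced to a plain name under base.
                System.out.println(s + " -> " + resolve(base, s));
            } catch (IOException e) {
                System.out.println(s + " -> REJECTED (" + e.getMessage() + ")");
            }
        }
    }
}
```

A stricter variant ignores the supplied name entirely and writes the incoming data under a name the receiving app generates itself.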

In the event of an attack on the device, hackers can exploit this vulnerability: by accessing just one app, they can penetrate all the apps that have this flaw. This enables bad actors to gain complete control over the device or steal sensitive data, including financial information. Specifically, vulnerabilities were found in the Xiaomi File Manager and WPS Office apps. Microsoft said in its report that the developers of both apps have investigated and fixed the problem.

Google has also taken note of this issue and published a post on its Android Developers Blog. The company has highlighted common errors and ways to fix them. The developers of the affected apps are expected to fix the issues and release a solution in the coming days. Although there is not much that end users can do to avoid this vulnerability, it is recommended that they be proactive in updating the apps on their devices and avoid downloading apps from third-party sources for the time being.
