Unpatched Android apps are putting security of millions at stake

Various established and famous android apps are still operating over unpatched modules.

Researchers have revealed that there are several android apps that aren’t using the updated versions of Google’s updated library. Security researchers detected vulnerabilities in Google library Play Core Library, allowing malicious apps to execute code in legit apps.

Google responded to this by releasing a security patch back in March 2020. However, several third-party apps were found unpatched that can be used by hackers to fulfil their malicious intentions. Some of the apps have over 250 million downloads.

Researchers claim that most app developers haven’t yet integrated the new Google Play Core Library to mitigate the threat. The apps that are still unpatched and vulnerable include Grindr OkCupid, Bumble, Cisco Teams, Yango, ProMoovit, Xrecorder, Microsoft Edge and PowerDirector.

Play Core Library is a widely used Android library through which developers can manage the latest feature module delivery, download new language packs, and effectively trigger in-app updates at runtime.

In a demo, researchers could easily steal all the bookmarks stored in the browser via payload, malicious threat actors can easily steal sensitive data like emails, passwords, and financial information. The stolen sensitive data can cause huge loss and menace for users.

Install NPAV on your devices to keep them secure from all kinds of cyberattacks. Use NPAV and join us on a mission to secure the cyber world.

Sharing is caring!

Leave a Reply

Your email address will not be published. Required fields are marked *

*