![]() This becomes a soft entry point to steal credentials for a corporate network, for example, or to track persons of interest. Or if a banking app is vulnerable, the attacker can steal credentials and even 2FA codes.”Ĭheck Point also warns that the vulnerability can be used to “inject code into enterprise applications to gain access to corporate resources or into social media applications to spy on the victim and use location access to track the device.” As ever, a vulnerability with a popular app installed on tens of millions of devices provides a large attack surface for a targeted campaign. ![]() For example, injecting code into a messenger to steal all messages, or send messages on the user’s behalf. The malicious payload will have the same access as the hosting application. “Users should be worried about the data stored inside or accessible to applications. So, should users be worried? Yes, according to Hazum. “During the month of September,” Check Point says, “13% of Google Play applications we analyzed used this library, and 8% of those apps had a vulnerable version.” Google patched the flaw in its Play Core Library way back in April, but a huge number of apps have not bothered to update the library within their own software.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |