Social applications Bumble and OkCupid are amongst other well-liked Android applications that may perhaps hold a prospective safety threat to customers.
According to a report by a analysis firm CheckPoint, Android apps such as Grindr, Bumble, OKCupid, Cisco Teams, Yango Pro, Edge, Xrecorder, PowerDirector, and lots of other people may perhaps turn into targets for an old Play Core library flaw. The flaw has the energy to place the numerous Android users’ information at threat.
Reportedly, the flaw was patched by Google earlier this year, in April. To get rid of the flaw, developers need to have to set up the new Play Core library in the aforementioned Android apps.
While the new Play Core library is not installed in these apps, it holds the users’ information at higher threat. According to Google, the flaw is rated 8.8 out of 10 in severity.
Talking about the prospective information threat, CheckPoint’s Manager of Mobile Research, Aviran Hazum stated: “We’re estimating that hundreds of millions of Android users are at security risk. Although Google implemented a patch, many apps are still using outdated Play Core libraries. The vulnerability CVE-2020-8913 is highly dangerous. If a malicious application exploits this vulnerability, it can gain code execution inside popular applications, obtaining the same access as the vulnerable application. For example, the vulnerability could allow a threat actor to steal two-factor authentications codes or inject code into banking applications to grab credentials. Or, a threat actor could inject code into social media applications to spy on victims or inject code into all IM apps to grab all messages. The attack possibilities here are only limited by a threat actor’s imagination.”