Microsoft’s research team has unearthed a concerning vulnerability pattern in numerous popular Android applications, posing significant security risks to billions of users worldwide.
The identified vulnerability pattern, linked to path traversal, enables a malicious application to manipulate files within the vulnerable app’s home directory.
The impact of this vulnerability reportedly extended to several widely used applications found on the Google Play Store, with over four billion installations collectively.
In a technical blog post published on Wednesday, Microsoft stressed the importance of industry collaboration in addressing evolving threats, highlighting the need for developers to scrutinize their apps for similar vulnerabilities and take prompt action to rectify them.
In response to this discovery, the company said it followed responsible disclosure procedures and collaborated with application developers, such as Xiaomi and WPS Office, to implement fixes. These efforts resulted in deployed fixes for the identified vulnerabilities as of February 2024.
Furthermore, Microsoft took proactive steps to raise awareness among developers, partnering with Google to publish guidance on the Android Developers website. This initiative aims to equip developers with the knowledge to prevent the introduction of such vulnerabilities in their applications.
Microsoft also elaborated on the vulnerability pattern, particularly its prevalence in Android share targets. Through a detailed case study involving Xiaomi’s File Manager, Microsoft illustrated the potential severity of the issue, including scenarios where attackers could execute arbitrary code and gain access to sensitive…
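As an added illustration of the developer-side check (not code from Microsoft, Google or any of the affected apps), the Java sketch below shows how a share target can keep an incoming file inside its own directory. It assumes the receiving app is handed a file name by the sending app; the class name, method name and sample names are hypothetical.

```java
import java.io.File;
import java.io.IOException;

// Added illustration; class and method names are hypothetical.
public final class SharedFileNames {

    /**
     * Maps a file name supplied by the sending app to a location directly
     * inside baseDir, or throws if the result would fall outside it.
     */
    static File resolveInside(File baseDir, String untrustedName) throws IOException {
        if (untrustedName == null || untrustedName.isEmpty()) {
            throw new IOException("missing file name");
        }
        // Keep only the last path component, whichever separator was used.
        int cut = Math.max(untrustedName.lastIndexOf('/'), untrustedName.lastIndexOf('\\'));
        String leaf = untrustedName.substring(cut + 1);
        if (leaf.isEmpty() || leaf.equals(".") || leaf.equals("..")) {
            throw new IOException("unusable file name: " + untrustedName);
        }
        File base = baseDir.getCanonicalFile();
        File target = new File(base, leaf).getCanonicalFile();
        // Defence in depth: after canonicalisation (which also resolves
        // symlinks) the parent must still be the intended directory.
        if (!base.equals(target.getParentFile())) {
            throw new IOException("path escapes " + base);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Stand-in for the app's private directory so the example runs anywhere.
        File inbox = new File(System.getProperty("java.io.tmpdir"), "share-inbox");
        inbox.mkdirs();
        // Constructed sample names, as a sending app might report them.
        String[] samples = {"report.pdf", "../other/settings.xml", "..", "a/../../x.bin"};
        for (String name : samples) {
            try {
                System.out.println(name + " -> " + resolveInside(inbox, name));
            } catch (IOException e) {
                System.out.println(name + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Generating the stored file name locally and ignoring the supplied one removes the dependency on the sender's input altogether.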