Beware, an old security flaw is putting users’ data at risk. According to a recent report by research firm CheckPoint, Android apps such as Grindr, Bumble, OKCupid, Cisco Teams, Yango Pro, Edge, Xrecorder, PowerDirector, and many others are vulnerable to an old Play Core library flaw. The report stated that the security flaw puts hundreds of millions of Android users’ data at risk. Also Read - Google completes Fitbit acquisition
This security flaw was reportedly been patched by Google earlier this year, in April. However, for the flaw to be fixed in all affected apps, the app developers will need to install the new Play Core library, which the aforementioned popular Android apps like Grindr, Bumble, OKCupid, Cisco Teams, Yango Pro, Edge, Xrecorder, PowerDirector, among others have not done. Also Read - Google said to be working on Pixel 4A 5G touchscreen issues
This negligence puts users’ of these apps at high risk. The report suggests that all these apps are still on the old Play Core library version apart from Viber and Booking apps, which were recently updated. Google rated the flaw an 8.8 out of 10 in severity. Also Read - Today's Tech News: Samsung Galaxy S20 price cut, Signal ramps up hiring
Check Point stated that the affected apps are still vulnerable to the vulnerability CVE-2020-8913. According to the report, the flaw is rooted in Google’s widely used Play Core library that allows developers push in-app updates and new feature modules to their Android apps. The report further noted that the security flaw lets a hacker steal sensitive user data such as login details, passwords, financial details, and email.
According to Check Point, 13 percent of Google Play apps analysed by them in September used the Google Play Core library while 8 percent of those apps continued to have a vulnerable version. It is suggested that users must uninstall these apps until they fix the security flaw.
Commenting on the matter Manager of Mobile Research, Check Point, Aviran Hazum said, “We’re estimating that hundreds of millions of Android users are at security risk. Although Google implemented a patch, many apps are still using outdated Play Core libraries. The vulnerability CVE-2020-8913 is highly dangerous. If a malicious application exploits this vulnerability, it can gain code execution inside popular applications, obtaining the same access as the vulnerable application. For example, the vulnerability could allow a threat actor to steal two-factor authentications codes or inject code into banking applications to grab credentials. Or, a threat actor could inject code into social media applications to spy on victims or inject code into all IM apps to grab all messages. The attack possibilities here are only limited by a threat actor’s imagination.”