In a post on its security blog, Microsoft Threat Intelligence Team said, “Microsoft has discovered a path traverse-affiliated vulnerable pattern in many popular Android applications that have a special to overrite files in a weak application home directory Can enable malicious application. ” Researchers also shed light on the fact that the Google Play Games Pack saw vulnerability in several apps, which had more than four billion installations in total.
This vulnerability emerges when a developer incorrectly uses Android’s content provider system, which is designed to secure data exchange between various apps on the device. This includes data isolation, URI permission, path validation and other security measures to prevent unauthorized access by apps or any other person. However, improper implementation of the system affects a component called Custom Intent. These are messaging objects that create two-way communication between different apps. Apps can ignore safety measures when this vulnerability exists and gives other apps (or hackers controlling them) of Stord sensitive data in them.
In the event of an attack on the device, hackers can manipulate this vulnerability by accessing only one app, they can enter all apps in which it is a flaw. This enables hackers to gain full control on the device or steal sensitive data, including financial details. In particular, the Xiaomi file manager and WPS Place of Job apps were found to be vulnerable. Microsoft said in its report that the developers of both the apps have investigated and corrected the problem.
Google has also taken cognizance of this issue and published a post on its Android developers blog. The company has thrown light on general flaws and ways to fix them. It is expected that the developers of the affected apps will fix the problems in the coming days and release a fix.
Download the Gadgets 360 Android app for the latest tech news, smartphone review and exclusive offer on popular mobiles and follow us on Google News.
