“Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s home directory,” the Microsoft Threat Intelligence team wrote in a post on its Security Blog. The researchers also noted that the vulnerability was found in several Google Play Store apps that had a combined total of more than four billion installations.
This vulnerability occurs when an Android content provider system, which is intended to safeguard data transmission between various apps on a device, is misused by a developer. This comprises path validation, data isolation, URI permissions, and other security features to prevent unauthorised access by the programmes or by third parties trying to get into the app. On the other hand, a part known as custom intentions is impacted by incorrect system implementation.
If the device is attacked, hackers can take advantage of this vulnerability by entering one app, which gives them access to all the apps that have this flaw. This gives the bad guys total control over the device and makes it possible for them to steal confidential information, including financial data. Notably, the WPS Office and Xiaomi File Manager applications were discovered to be vulnerable. According to Microsoft’s assessment, the creators of both apps looked into and resolved the problem.
Google has also acknowledged the problem and addressed it in a blog post on the Android Developers blog. The organisation has indicated frequent mistakes and solutions. It is anticipated that the impacted app developers will address the problems and provide a remedy in the upcoming days. Although there isn’t much end consumers can do to prevent this vulnerability, it is advised that they continue to update the apps on their devices and refrain from downloading any new ones from third-party sources for the time being.
Tags
Top Tech