Be Aware..! Threat Actors Use The Popular Dating, Travel and Video Calling Apps Spying You

  • Whatsapp
sosmed thread

JAKARTA, GESAHKITA COM–Though Google had patched the bug in April, many of the app developers are still using the outdated version of GPC, which is where the bug was found. Bumble, OkCupid, Grindr, Microsoft Edge, Cisco Teams, Viber and Booking are some of the popular apps, which were red flagged by Check Point.

Some of the popular dating, travel and video calling apps on Google Play Store are vulnerable to a known bug CVE-2020-8913, which can be exploited by threat actors to inject malicious codes into them and steal personal information or spy on users, researchers at Check Point found.

Check Point believes that hundreds of millions of Android users are still at significant security risk because of it.

Though Google had patched the bug in April and had rated it 8.8 out of 10 for its severity, many of the app developers are still using the outdated version of Google Core Library (GPC), which is where the bug was found. GPC enables developers to roll out in-app updates and new feature modules in their apps.

In September, researchers at Check Point randomly tested some of the popular Google Play Store apps and found that 13{d16028d1ae91105ee2af888528e4abba9e896c46ed4da329dd7684c3747e71fa} of them were using GPC and 8{d16028d1ae91105ee2af888528e4abba9e896c46ed4da329dd7684c3747e71fa} of them were still using the vulnerable version.

Bumble, OkCupid, Grindr, Microsoft Edge, Cisco Teams, Viber and Booking are some of the popular apps, which were red flagged by Check Point.

Check Point had notified the app developers about the vulnerability before making their findings public. Viber and Booking were among the first to update to the patched version, they claim.

“This described issue has been identified by our security team a month ago and it was fixed in Viber’s new version,” the company said in a statement to Mint.

“We’re estimating that hundreds of millions of Android users are at security risk. Although Google implemented a patch, many apps are still using outdated Play Core libraries,” Aviran Hazum, manager of Mobile Research, Check Point said in a statement.

Hazum warns, the vulnerability is highly dangerous and a malicious application can exploit it to steal two-factor authentication codes or inject code into banking applications to steal credentials. They could also inject malicious codes into social media apps and spy on users or in messaging apps to intercept messages.

Though Google Play Store is considered one of the most trusted app stores in the Android ecosystem, it is far from being fully secure. Bugs and apps with hidden malwares have been frequently detected and reported by security researchers from Google and various cybersecurity firms.

In spite of Google fixing an essential security defect in its Play Core library back in April 2020, numerous Android applications actually keep on excess defenseless according to a report by network protection firm Check Point.

Distinguished as CVE-2020-8913, this weakness permits assailants to infuse malevolent code into weak applications, to access in no way different assets of the facilitating application.

Hackers can utilise the powerless applications to gain admittance to touchy information from other applications on a similar gadget, taking clients’ private data, for example, login subtleties, passwords, monetary subtleties, and sends. While there are numerous applications, here are the 10 well known Android applications that might be protected to use until the application designers discharge an update.

To back its claims, Check Point specialists took a weak rendition of the Google Chrome application and made a committed payload to get its bookmarks. Misusing the weakness, somebody can get treats to utilize them as a way to Hijack a current meeting with outsider administrations, as DropBox.

When a payload is “infused” into Google Chrome, the payload will have similar access as the Google Chrome application to information, for example, treats, history, and bookmarks for the information, and secret word administrator as a help. It is fitting that clients update their Google Chrome application right away.

Designers of applications like Viber and Booking as of late delivered a fix. Clients are encouraged to refresh the applications and utilize the most recent rendition.

Record subtleties, passwords, monetary data and other individual information of Grindr application clients on Android might be in danger.

Designers of Bumble are yet to refresh the application to fix this critical issue according to Check Point. Another dating application called OKCupid is influenced by a similar security issue. The Android application of Cisco Team keeps on excess helpless and clients should practice alert until the fix is delivered. Route application Yango Pro (Taximeter) approaches practically all authorizations making it unsafe for Android clients. Microsoft is yet to deliver a fix for its Edge program for Android. Client are in danger of losing their passwords and other individual data.  Xrecorder has been told about the weakness yet the engineers are yet to deliver a fix. PowerDirector likewise experiences the specific security issue alongside incalculable other applications.(*)

Source : Mint

ucapan selamat pelantikan bupati okus dari isyanaucapan selamat pelantikan bupati okus dari eva ucapan selamat pelantikan bupati okus dari natalionucapan selamat pelantikan bupati okus dari rahmatucapan selamat pelantikan bupati okus dari firdaus ucapan selamat pelantikan bupati okus dari linkuli ucapan selamat pelantikan bupati okus pelantikan bupati okus selamat hari press nasional pempek palembang, jual pempek palembang

Tinggalkan Balasan