Microsoft discovers high-severity vulnerabilities in Android apps with millions of downloads

Microsoft discovered high-severity vulnerabilities affecting Android apps with millions of downloads. The vulnerabilities have been patched by all parties involved, the Microsoft 365 Defender research team said Friday.

The vulnerabilities – identified as CVE-2021-42598, CVE-2021-42599, CVE-2021-42600, and CVE-2021-42601 – were found in a mobile framework owned by Israeli company mce Systems and used by several major mobile service providers in pre-installed Android system apps, potentially exposing users to remote (albeit complex) or local attacks.

The vulnerabilities could have been attack vectors allowing attackers to access system configuration and sensitive information, the researchers noted.

All of the vulnerable Android apps, which were default apps installed by phone providers, are available on the Google Play Store where they pass through Google Play Protect’s automatic security checks.

Microsoft discovered the vulnerabilities in September 2021 and shared the findings with mce Systems and affected mobile service providers. The two companies have worked closely together to mitigate these vulnerabilities.

“We have worked with mce Systems, the framework developer, and affected mobile service providers to resolve these issues. We commend the prompt and professional resolution of the mce Systems engineering teams, as well as the affected vendors in resolving each of these issues, ensuring that users can continue to use such a crucial framework,” Microsoft said.
