Viber messenger security
4/11/2023

There are many messaging platforms available for both personal and professional uses. What are your preferred reasons for choosing a particular messaging platform? Most people use the app that is popular among their friends' circles. Some people have definite reasons for exploring the features and functions of an app. Besides features and popularity, some people check the capabilities and ease of use before using it. In other words, a set of factors helps in the final choice.

You might be wondering what just we just above. You must have heard about the popular messaging platforms WhatsApp, Telegram, and Viber. Undoubtedly, all three platforms are top-notch messaging platforms. Due to WhatsApp's new security features, many regular users looked for better alternative platforms like Telegram and Viber. But people choose different apps.

Viber, Grindr, OkCupid and several other Android apps have been found to be unguarded against the vulnerability CVE-2020-8913. This means that users of these apps are facing a security risk.

The vulnerability "allows Local-Code-Execution (LCE) within the scope of any application that has the vulnerable version of the Google Play Core Library. Code execution is an attacker's ability to execute arbitrary commands or code," according to security researchers at Check Point Research. The vulnerability was published back in August 2020.

For the uninitiated, the 'Play Core Library' is the app's runtime interface with the Google Play Store. Some of the actions that can be taken with Play Core include triggering in-app updates, requesting in-app reviews and downloading additional language resources, among others.

As per the researchers (via SandBlast Mobile), in September 2020, 13 percent of Google Play applications used this library, and 8 percent of those apps had a vulnerable version. For perspective, as of the third quarter of 2020, Google Play store had over 2.87 million apps on the platform.

Google patched this vulnerability on 6 April 2020; however, developers are yet to push the patch to their applications. Notably, when a vulnerability is on the server end, the issue can be patched and applied completely to the affected apps; however, when it is on the client end, the developers of all affected apps need to get the latest version of the library and apply it to their app.

What is vulnerability CVE-2020-8913?

Before we understand the vulnerability, we need to understand a small part of how mobile applications work.

Every mobile application sandbox has "verified" files from Google Play store and "non-verified" ones. The files that are downloaded from the official source, which in this case is Google Play, go into the verified folder, whereas files that are downloaded from other sources are sent to the non-verified folder. When a file is written to the verified folder, it interacts with the Google Play Core library which loads and executes it.

Another feature is the ability to let other sources push files into the hosting application's sandbox. These files, however, are pushed only into the non-verified folder and are not automatically handled by the library.

When we combine popular applications that utilize the Google Play Core library, and the Local-Code-Execution vulnerability, we can clearly see the risks.

"The vulnerability lies within the combination of the two features mentioned above, and also utilizes file traversal, a concept as old as the internet itself. If a malicious application exploits this vulnerability, it can gain code execution inside popular applications and have the same access as the vulnerable application," according to researchers at Check Point.

The vulnerability can cause high risks such as "injecting code into banking applications to grab credentials, while have SMS permissions to steal the Two-Factor Authentication (2FA) codes, Inject code into social media applications to spy on the victim, and use location access to track the device", among others.
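
The containment check that the verified / non-verified folder description above calls for, as an added example that is not code from the article, Google or Check Point: a file name supplied by another source is resolved against the non-verified folder and rejected if file traversal would carry it anywhere else, such as the verified folder. The class name, method name and folder names are hypothetical.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example. Class, method and folder names are hypothetical and are
// not the Play Core library's own layout or code.
public class NonVerifiedFolderGuard {

    // Resolve a file name supplied by another source against the
    // non-verified folder; refuse any result that lands outside it.
    static File resolveInside(File nonVerifiedDir, String suppliedName) throws IOException {
        if (suppliedName == null || suppliedName.isEmpty() || suppliedName.indexOf('\0') >= 0) {
            throw new SecurityException("empty or malformed file name");
        }
        // getCanonicalFile() collapses "." and ".." and resolves symlinks.
        Path base = nonVerifiedDir.getCanonicalFile().toPath();
        Path target = new File(nonVerifiedDir, suppliedName).getCanonicalFile().toPath();
        // Path.startsWith compares whole components, so a sibling folder
        // that merely shares a name prefix does not pass.
        if (target.equals(base) || !target.startsWith(base)) {
            throw new SecurityException("escapes non-verified folder: " + suppliedName);
        }
        return target.toFile();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sandbox layout for the demonstration.
        File sandbox = Files.createTempDirectory("sandbox").toFile();
        File nonVerified = new File(sandbox, "non-verified");
        File verified = new File(sandbox, "verified");
        nonVerified.mkdirs();
        verified.mkdirs();

        String[] suppliedNames = {            // constructed inputs
            "config.fr.apk",                  // plain file name
            "../verified/module.apk",         // traversal toward the verified folder
            "lang/../../verified/module.apk", // traversal behind a subfolder
            "../non-verified-2/module.apk"    // sibling sharing a name prefix
        };
        for (String name : suppliedNames) {
            try {
                System.out.println("accepted: " + resolveInside(nonVerified, name));
            } catch (SecurityException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Comparing canonical paths rather than searching the supplied string for ".." is what makes the check hold for nested and symlinked forms of the same traversal.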