12 Android applications have security holes, users should update immediately
Mobile security company Oversecured has published an article disclosing security vulnerabilities discovered in Android applications and system components on Xiaomi phones. The flaws allow attackers to access activities and arbitrary services with system privileges, steal files…
12 Android apps are affected by security vulnerabilities, including:
- Gallery (com.miui.gallery)
- GetApps (com.xiaomi.mipicks)
- Mi Video (com.miui.videoplayer)
- MIUI Bluetooth (com.xiaomi.bluetooth)
- Phone Services (com.android.phone)
- Print Spooler (com.android.printspooler)
- Security (com.miui.securitycenter)
- Security Core Component (com.miui.securitycore)
- Settings (com.android.settings)
- ShareMe (com.xiaomi.midrop)
- System Tracing (com.android.traceur), and
- Xiaomi Cloud (com.miui.cloudservice)
Notable bugs among these 12 apps include flaws in the Settings app that could allow attackers to steal arbitrary files and leak information about the device's Bluetooth, connected WiFi network and emergency contacts, researchers said, as well as a shell command injection flaw affecting the System Tracing application.
The vulnerabilities are believed to stem from the Chinese phone manufacturer modifying legitimate components from the Android Open Source Project (AOSP), including Phone Services, Print Spooler, Settings and System Tracing.
In addition, researchers also discovered a memory corruption vulnerability, originating from an Android library called LiveEventBus that affects the GetApps application. Oversecured reported this vulnerability to project maintainers more than a year ago, but it has not been patched yet.
Oversecured said the issues have been reported to Xiaomi since April 25 and recommends that Xiaomi phone users update to the latest version to minimize potential threats.
13 popular applications have serious security vulnerabilities, users need to update immediately
Apple and The Citizen Lab have just discovered a serious security vulnerability, affecting a series of popular applications and millions of Internet users.
The vulnerability, tracked as CVE-2023-4863, is a heap buffer overflow in WebP: programs and applications do not manage memory correctly, which allows important system data to be overwritten.
If hackers successfully exploit the vulnerability, they can remotely take control of the system and launch larger-scale attacks.
This is a far-reaching vulnerability because practically every software program or application that uses libwebp to display WebP images is affected.
The vulnerability affects a series of popular applications and OTT software such as Google Chrome, Mozilla Firefox, Microsoft Edge, Affinity, Gimp, Inkscape, LibreOffice, Thunderbird, ffmpeg, Honeyview, Telegram, Signal and 1Password.
In addition, the WebP vulnerability is also present in many Android applications as well as cross-platform applications built with Flutter.
Google has confirmed the existence of the WebP vulnerability and has urgently released the Google Chrome 116 update to patch it.
Experts recommend that users who are using any of the applications mentioned in this article should update the software to the latest version immediately to keep their devices safer.
Apple's Security Architecture and Engineering (SEAR) team discovered and reported the WebP vulnerability in collaboration with The Citizen Lab on September 6, 2023.