12 Android applications have security holes, users should update immediately
Mobile security company Oversecured has published an article revealing security vulnerabilities discovered in Android applications and system components on Xiaomi phones. The flaws allow attackers to access arbitrary activities and services with system privileges, steal files…
The 12 Android apps affected by the security vulnerabilities are:
- Gallery (com.miui.gallery)
- GetApps (com.xiaomi.mipicks)
- Mi Video (com.miui.videoplayer)
- MIUI Bluetooth (com.xiaomi.bluetooth)
- Phone Services (com.android.phone)
- Print Spooler (com.android.printspooler)
- Security (com.miui.securitycenter)
- Security Core Component (com.miui.securitycore)
- Settings (com.android.settings)
- ShareMe (com.xiaomi.midrop)
- System Tracing (com.android.traceur), and
- Xiaomi Cloud (com.miui.cloudservice)
Notable bugs discovered in these 12 apps include flaws in the Settings app that could allow attackers to steal arbitrary files and leak device information, including Bluetooth, connected Wi-Fi network and emergency contact data, researchers said, as well as a shell command injection bug affecting the System Tracing application.
The vulnerabilities are believed to stem from the Chinese phone manufacturer's modifications to legitimate components from the Android Open Source Project (AOSP), including Phone Services, Print Spooler, Settings and System Tracing.
In addition, researchers also discovered a memory corruption vulnerability, originating from an Android library called LiveEventBus that affects the GetApps application. Oversecured reported this vulnerability to project maintainers more than a year ago, but it has not been patched yet.
Oversecured said the issues have been reported to Xiaomi since April 25 and recommends that Xiaomi phone users update to the latest version to minimize potential threats.
13 popular applications have serious security vulnerabilities, users need to update immediately
Apple and The Citizen Lab have just discovered a serious security vulnerability, affecting a series of popular applications and millions of Internet users.
The vulnerability, tracked as CVE-2023-4863, is a heap buffer overflow in WebP: a memory-management error in programs and applications that allows important system data to be overwritten.
If hackers successfully exploit the vulnerability, they can remotely take control of the system and launch larger-scale attacks.
The vulnerability is far-reaching because practically every software program or application that uses libwebp to display WebP images is affected.
The vulnerability affects a series of popular applications and OTT software such as Google Chrome, Mozilla Firefox, Microsoft Edge, Affinity, Gimp, Inkscape, LibreOffice, Thunderbird, ffmpeg, Honeyview, Telegram, Signal and 1Password.
In addition, the WebP vulnerability is also present in many Android applications as well as cross-platform applications built with Flutter.
Google has confirmed the existence of the WebP vulnerability and has urgently released the Google Chrome 116 update to patch it.
Experts recommend that users who are using any of the applications mentioned in this article should update the software to the latest version immediately to keep their devices safer.
Apple's Security Architecture and Engineering (SEAR) team discovered and reported the WebP vulnerability in collaboration with The Citizen Lab on September 6, 2023.