Countless apps on Google’s Play Store are still vulnerable to a known bug, CVE-2020-8913, that allows threat actors to inject malicious codes
in Google Play Core Library Remains Unpatched in Google Play Applications Vulnerability
in Google Play Core Library Remains Unpatched in Google Play Applications
Google has repeatedly emphasized the safety of downloading applications from a branded store, where they are tested for malicious components before publication. But despite the desire of the company's developers to quickly respond to threats to users, according to research by Check Point Research, there are still thousands of applications containing a long-known vulnerability on the platform.
According to the experts' report , the CVE-2020-8913 vulnerability allows malware to intercept the browser history and cookies from the victim's smartphone and then gain access to his logins, passwords and even images.
|How the CVE-2020-8913 vulnerability works|
For the first time, experts in the field of IT security reported about the "hole" found in the core of one of the store's key libraries in August 2020. Google developers released the corresponding patch a few months before the publicity, but in order to completely eradicate the problem, the authors of the applications must independently update their products using the corrected library.
According to experts, about 13% of applications in the store are now based on the old version of the kernel. This includes popular downloadable programs such as Microsoft Edge, Moovit, and Cyberlink PowerDirector.