Most people think that if they keep their mobile apps updated to the latest version, they are also patching critical vulnerabilities. Not so, said researchers from Check Point Software, which discovered that outdated code—including known vulnerabilities—is still present in hundreds of popular apps on the Google Play Store, including Facebook, Instagram, WeChat and Yahoo Browser.

In a month-long study, Check Point Research cross-examined the latest versions of these and other high-profile mobile apps for three known remote code execution (RCE) vulnerabilities dating from 2014, 2015 and 2016, Check Point security researcher Slava Makkaveev revealed in research posted online Thursday. Researchers assigned each vulnerability two signatures, then ran a static engine to examine hundreds of mobile applications in Google’s Play Store to see if old, vulnerable code was present in the latest version of the application.

What they found may surprise many: critical vulnerabilities that app makers claim have been patched still existed in the latest versions of popular mobile applications, according to Makkaveev. “Just three vulnerabilities, all fixed over two years ago, make hundreds of apps potentially vulnerable to remote code execution,” he wrote. “Can you imagine how many popular apps an attacker can target if he scans Google Play for a hundred known vulnerabilities?”

The research proves that updates pushed out by app manufacturers are not a failsafe to keeping mobile devices…
Popular Apps on Google Play Store Remain Unpatched (govanguard, 2019-11-21 07:05:00)