Most people think that if they keep their mobile apps updated to the latest version, they are also patching critical vulnerabilities. Not so, said researchers from Check Point Software, who discovered that outdated code, including known vulnerabilities, is still present in hundreds of popular apps on the Google Play Store, including Facebook, Instagram, WeChat and Yahoo Browser.

In a month-long study, Check Point Research cross-examined the latest versions of these and other high-profile mobile apps for three known remote code execution (RCE) vulnerabilities dating from 2014, 2015 and 2016, Check Point security researcher Slava Makkaveev revealed in research posted online Thursday. Researchers assigned each vulnerability two signatures, then ran a static engine to examine hundreds of mobile applications in Google’s Play Store to see if old, vulnerable code was present in the latest version of the application.

What they found may surprise many: critical vulnerabilities that app makers claim have been patched still existed in the latest versions of popular mobile applications, according to Makkaveev. “Just three vulnerabilities, all fixed over two years ago, make hundreds of apps potentially vulnerable to remote code execution,” he wrote. “Can you imagine how many popular apps an attacker can target if he scans Google Play for a hundred known vulnerabilities?”

The research proves that updates pushed out by app manufacturers are not a failsafe to keeping mobile devices…
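The two-signatures-per-vulnerability static scan described above can be run by a development team against its own release build. The sketch below is an added example, not Check Point's engine: the signature strings, the placeholder vulnerability ids, the choice to scan native libraries under `lib/`, and the rule that both signatures must match are all assumptions, and the sample APK is constructed in memory.

```python
import io
import zipfile

# Constructed signatures (assumption): the page does not publish the real ones.
# Each known vulnerability gets two byte patterns, as the study describes.
SIGNATURES = {
    "VULN-A (placeholder id)": (b"libdemo_codec 1.0.2", b"demo_parse_frame_unchecked"),
    "VULN-B (placeholder id)": (b"libdemo_net 0.9", b"demo_read_chunk_legacy"),
}

def scan_apk(apk_bytes, signatures=SIGNATURES):
    """Return {library path: [vulnerability ids]} for bundled native libraries.

    Assumption: a library is flagged only when BOTH signatures of a
    vulnerability occur in it, so one stray string is not a finding.
    """
    findings = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            # Native code ships under lib/<abi>/*.so inside the APK archive.
            if not (name.startswith("lib/") and name.endswith(".so")):
                continue
            blob = apk.read(name)
            hits = [vid for vid, (s1, s2) in signatures.items()
                    if s1 in blob and s2 in blob]
            if hits:
                findings[name] = hits
    return findings

def build_sample_apk():
    """Constructed APK: one stale library, one partial match, one clean."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00")
        z.writestr("lib/arm64-v8a/libcodec.so",
                   b"\x7fELF..libdemo_codec 1.0.2..demo_parse_frame_unchecked..")
        z.writestr("lib/arm64-v8a/libnet.so",
                   b"\x7fELF..libdemo_net 0.9..demo_read_chunk_checked..")
        z.writestr("lib/arm64-v8a/libui.so", b"\x7fELF..nothing of interest..")
    return buf.getvalue()

if __name__ == "__main__":
    for lib, vulns in scan_apk(build_sample_apk()).items():
        print(f"{lib}: bundled code matches {', '.join(vulns)}")
```

Running it in a release pipeline fails the build on the stale bundled library even though the app's own version number is current, which is the gap the study reports.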
