Just In
- 12 min ago Xiaomi Robot Vacuum Cleaner S10, Handheld Garment Steamer, and Redmi Buds 5A Launched in India
- 53 min ago Lenovo Unveils IdeaPad Pro 5i Laptop With Intel Core Ultra 9 Processor – Check Price, Specs
- 56 min ago Lava ProWatch Zn, ProWatch Vn Smartwatches Launched in India: Check Price, Specs, Availability
- 1 hr ago Google Podcasts to Shut Down Globally in June 2024: Here's How to Transfer Your Podcasts to YouTube Music
Don't Miss
- Education WBCHSE HS Result 2024 to be declared Soon at wbchse.wb.gov.in, Check the Tentative Dates
- Movies 10 Times Yesteryear Diva Zeenat Aman Set Major Fashion Goals With Her Timeless Grace And Age-defying Style
- Sports Boria Majumdar: 'He Lied Through His Teeth'; Deserves Apology From Cricketer For Social Media Abuse
- Lifestyle Nayanthara Poses With Husband Vignesh Shivan In Chic Saree, Check Her Sarees To Ace Summer Wedding Look
- News Lok Sabha Elections 2024: What Are The Expectations Of First-Time Voters?
- Automobiles Nissan Magnite Achieves 1 Lakh Unit Sales Milestone: Consistency Helps
- Finance Sakuma Exports Secures Rs. 150 Cr Deal; Okays Rights Issue Amidst Positive Outlook
- Travel Kurnool's Hidden Gems: A Guide To Exploring India's Lesser-Known Treasures
Microsoft Discovers Security Flaws In Pre-Installed Android Apps
In a recent development, a couple of high-severity vulnerabilities have been discovered in a mobile framework that serves the Android OS. These security vulnerabilities are prone to affect millions of people and expose them to risk. These have been disclosed in a framework used by pre-installed Android System apps.
The security flaw was disclosed by The Microsoft 365 Developer Research Team in September 2021. It notes that these could have been used to launch serious attacks on the target devices and users. Eventually, this will result in data theft and partial device takeover.
Android Security Flaw
As per the blog post by Microsoft, the uncovered high-severity flaws in a mobile framework that is owned by MCE Systems and used by multiple large mobile service providers in pre-installed Android System apps. These can potentially expose millions of users to local and remote attacks.
Going by the blog post, these vulnerabilities are CVE-2021-42598, CVE-2021-42599, CVE-2021-42600, and CVE-2921-42601. Also, these are rated to have security scores ranging from 7.0 to 8.9 out of 10. Now, the issues have been fixed by the Israeli developer MCE Systems. The framework had broad access permissions, including camera, audio, power, sensor data, location, and storage among others. As per Microsoft, this could permit attackers to implant persistent backdoors and take control of the affected devices.
Microsoft's Findings
The findings discovered by Microsoft stated that the mobile framework includes a service, which can be leveraged to let adversaries to implant a persistent backdoor or gain substantial control of the device. Microsoft and MCE Systems' engineering and security teams to mitigate these vulnerabilities. The latter fixed the issue by sending an urgent framework update to the impacted providers and released fixes to the issues.
While reporting the issue, there were no reports claiming that these security flaws have been exploited in the wild.
In the wake of this report, Google also pitched it to reveal that it has updated the Play Protect service to cover the attack vectors. In addition to this, there could be more undiscovered security vulnerabilities that might affect users, including mobile phone repair shops that could have installed vulnerable apps on the people's endpoints.
-
99,999
-
1,29,999
-
69,999
-
41,999
-
64,999
-
99,999
-
29,999
-
63,999
-
39,999
-
1,56,900
-
79,900
-
1,39,900
-
1,29,900
-
65,900
-
1,56,900
-
1,30,990
-
76,990
-
16,499
-
30,700
-
12,999
-
14,999
-
26,634
-
18,800
-
62,425
-
1,15,909
-
93,635
-
75,804
-
9,999
-
11,999
-
3,999