Just In
-
-
-
-
Don't Miss
-
WBCHSE HS Result 2024 to be declared Soon at wbchse.wb.gov.in, Check the Tentative Dates -
10 Times Yesteryear Diva Zeenat Aman Set Major Fashion Goals With Her Timeless Grace And Age-defying Style -
Boria Majumdar: 'He Lied Through His Teeth'; Deserves Apology From Cricketer For Social Media Abuse -
Nayanthara Poses With Husband Vignesh Shivan In Chic Saree, Check Her Sarees To Ace Summer Wedding Look -
Lok Sabha Elections 2024: What Are The Expectations Of First-Time Voters? -
Nissan Magnite Achieves 1 Lakh Unit Sales Milestone: Consistency Helps -
Sakuma Exports Secures Rs. 150 Cr Deal; Okays Rights Issue Amidst Positive Outlook -
Kurnool's Hidden Gems: A Guide To Exploring India's Lesser-Known Treasures
Microsoft Discovers Security Flaws In Pre-Installed Android Apps
In a recent development, a couple of high-severity vulnerabilities have been discovered in a mobile framework that serves the Android OS. These security vulnerabilities are prone to affect millions of people and expose them to risk. These have been disclosed in a framework used by pre-installed Android System apps.
The security flaw was disclosed by The Microsoft 365 Developer Research Team in September 2021. It notes that these could have been used to launch serious attacks on the target devices and users. Eventually, this will result in data theft and partial device takeover.
Android Security Flaw
As per the blog post by Microsoft, the uncovered high-severity flaws in a mobile framework that is owned by MCE Systems and used by multiple large mobile service providers in pre-installed Android System apps. These can potentially expose millions of users to local and remote attacks.
Going by the blog post, these vulnerabilities are CVE-2021-42598, CVE-2021-42599, CVE-2021-42600, and CVE-2921-42601. Also, these are rated to have security scores ranging from 7.0 to 8.9 out of 10. Now, the issues have been fixed by the Israeli developer MCE Systems. The framework had broad access permissions, including camera, audio, power, sensor data, location, and storage among others. As per Microsoft, this could permit attackers to implant persistent backdoors and take control of the affected devices.
Microsoft's Findings
The findings discovered by Microsoft stated that the mobile framework includes a service, which can be leveraged to let adversaries to implant a persistent backdoor or gain substantial control of the device. Microsoft and MCE Systems' engineering and security teams to mitigate these vulnerabilities. The latter fixed the issue by sending an urgent framework update to the impacted providers and released fixes to the issues.
While reporting the issue, there were no reports claiming that these security flaws have been exploited in the wild.
In the wake of this report, Google also pitched it to reveal that it has updated the Play Protect service to cover the attack vectors. In addition to this, there could be more undiscovered security vulnerabilities that might affect users, including mobile phone repair shops that could have installed vulnerable apps on the people's endpoints.
-
99,999 -
1,29,999 -
69,999 -
41,999 -
64,999 -
99,999 -
29,999 -
63,999 -
39,999 -
1,56,900
-
79,900 -
1,39,900 -
1,29,900 -
65,900 -
1,56,900
-
1,30,990 -
76,990 -
16,499 -
30,700 -
12,999
-
14,999 -
26,634 -
18,800 -
62,425 -
1,15,909 -
93,635 -
75,804 -
9,999 -
11,999 -
3,999
