Home » » Serious security bugs put millions of Android devices at risk

Serious security bugs put millions of Android devices at risk

No comments

A couple of high-severity vulnerabilities were recently discovered in a mobile framework serving the Android operating systems, putting millions of people at risk.

The Microsoft 365 Defender Research Team, which discovered the flaws in September last year, says they could have been used to launch serious attacks on target devices, resulting in data theft and partial device takeover.

According to a new blog post, Microsoft "uncovered high-severity vulnerabilities in a mobile framework owned by mce Systems and used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote (albeit complex) or local attacks".

The vulnerabilities are being tracked as CVE-2021-42598, CVE-2021-42599, CVE-2021-42600, and CVE-2021-42601, with severity scores ranging from 7.0 to 8.9 out of 10.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Taking over the device

Further detailing its findings, Microsoft said the mobile framework includes a service that could be leveraged to “allow adversaries to implant a persistent backdoor or take substantial control over the device".

The company notified both mce Systems and affected mobile service providers (some of which are  “international”), and teamed up with them to work on a fix. All of the vulnerabilities have now been addressed, the blog states. 

Read more

> Google fixes "critical" Android 12 security flaw

 > This Android security flaw could let hackers follow all your movements

 > Your Windows antivirus will now spot Android and iOS flaws too

"We worked closely with mce Systems’ security and engineering teams to mitigate these vulnerabilities," Microsoft said, "which included mce Systems sending an urgent framework update to the impacted providers and releasing fixes for the issues. At the time of publication, there have been no reported signs of these vulnerabilities being exploited in the wild".

Google also pitched in, updating its Play Protect service to cover off the attack vectors.

While Microsoft says there is no evidence of the flaws being exploited in the wild, it did add that there could be more undiscovered providers affected by the flaw, including “several mobile phone repair shops” that might have installed vulnerable apps on people’s endpoints.



from TechRadar - All the latest technology news https://ift.tt/Nr0vwxj
Share:

No comments:

Post a Comment

Categories

Rove Reviews Youtube Channel

  1. Subscribe to our youtube channel
  2. Like our videos and share them too.
  3. Our youtube channel name Rove reviews.

WITNUX

This website is made by Witnux LLC. This website provides you with all the news feeds related to technology from large tech media industries like GSM Arena, NDTV, Gadgets 360, Firstpost and many other such ates altogether at technical depicts so that you need not go to several sites to view their post provide you advantantage of time.

From the developer
Tanzeel Sarwar

OUR OTHER NETWORKS

OUR YOUTUBE CHANNEL

ROVE REVIEWS PLEASE SUBSCRIBE

OUR FACEBOOK PAGE

The Rove Reviews

Support

Trying our best to provide you the best DONATE or SUPPORTour site Contact me with details how are you gonna help us