Despite Google fixing a crucial security flaw in its Play Core library back in April 2020, many Android apps still continue to remain vulnerable as per a report by cybersecurity firm Check Point. Identified as CVE-2020-8913, this vulnerability allows attackers to inject malicious code into vulnerable applications, in order to gain access to all the same resources of the hosting application. Attackers can use the vulnerable apps to get access to sensitive data from other apps on the same device, stealing users’ private information, such as login details, passwords, financial details, and mails. While there are many apps, here are the 10 popular Android apps that may be safe to use until the app developers release an update.
To back its claims, Check Point researchers took a vulnerable version of the Google Chrome application and created a dedicated payload to grab its bookmarks. Exploiting the vulnerability, someone can grab cookies to use them as a means to Hijack an existing session with 3rd party services, like DropBox. Once a payload is “injected” into Google Chrome, the payload will have the same access as the Google Chrome app to data, such as cookies, history and bookmarks for the data, and password manager as a service. It is advisable that users update their Google Chrome app immediately.