A new report by Check Point Research claims that long-known vulnerabilities back from 2014 continue to exist in many popular Android apps. While app developers publish the latest versions on Google Play, they neglect to incorporate security fixes into their versions of popular components as it’s a tedious task, claims the report. “We found that three vulnerabilities of critical severity (Arbitrary Code Execution) from 2014, 2015 and 2016 still exist in hundreds of popular Android apps, including Yahoo Browser, Facebook, Instagram and WeChat,” said said Slava Makkaveev of Check Point Research. While there may be hundreds of Android apps out there which still continue to have these vulnerabilities, here are 19 popular apps that continue to have a vulnerable library…
LiveXLive
LiveXLive app (package name com.slacker.radio) with over 50,000,000 downloads have a vulnerable library known as “libLibFlacWrapper.so”, as per the report.
Moto Voice BETA
Moto Voice BETA app (package name: com.motorola.audiomonitor) with over 10,000,000 downloads have vulnerable libraries known as “libflacencoder.so, libvasflacencoder.so”, as per the report.
0Yahoo! Transit
Yahoo! Transit app (package name: jp.co.yahoo.android.apps.transit) with over 10,000,000 downloads have a vulnerable library known as “libyjvoice-4.6.0.so”, as per the report.
Yahoo! Browser
Yahoo! Browser app (package name: jp.co.yahoo.android.apps.transit) with over 10,000,000 downloads have a vulnerable library known as “libyjvoice-4.7.0.so”, as per the report.
Yahoo! MAP
Yahoo! MAP app (package name: jp.co.yahoo.android.apps.map) with over 5,000,000 downloads have a vulnerable library known as “libyjvoice-4.6.0.so”, as per the report.
Yahoo! Car navigation
Yahoo! Car navigation (package name:jp.co.yahoo.android.apps.navi) with over 5,000,000 downloads have a vulnerable library known as “libyjvoice-wakeup-4.6.0.so”, as per the report.
Facebook is affected by CVE-2015-8271 (FFmpeg RTMP video streaming) back from 20158 / 20Facebook is affected by CVE-2015-8271 (FFmpeg RTMP video streaming) back from 2015
Messenger is affected by CVE-2015-8271 (FFmpeg RTMP video streaming) back from 20159 / 20Messenger is affected by CVE-2015-8271 (FFmpeg RTMP video streaming) back from 2015
SHAREit is affected by CVE-2015-8271 (FFmpeg RTMP video streaming) back from 201510 / 20SHAREit is affected by CVE-2015-8271 (FFmpeg RTMP video streaming) back from 2015
Mobile Legends: Bang Bang is affected by CVE-2015-8271 (FFmpeg RTMP video streaming) back from 201511 / 20Mobile Legends: Bang Bang is affected by CVE-2015-8271 (FFmpeg RTMP video streaming) back from 2015
Smule is affected by CVE-2015-8271 (FFmpeg RTMP video streaming) back from 201512 / 20Smule is affected by CVE-2015-8271 (FFmpeg RTMP video streaming) back from 2015
JOOX Music is affected by CVE-2015-8271 (FFmpeg RTMP video streaming) back from 201513 / 20JOOX Music is affected by CVE-2015-8271 (FFmpeg RTMP video streaming) back from 2015
WeChat is affected by CVE-2015-8271 (FFmpeg RTMP video streaming) back from 201514 / 20WeChat is affected by CVE-2015-8271 (FFmpeg RTMP video streaming) back from 2015
AliExpress is affected by CVE-2016-3062 (FFmpeg libavformat media handling) back from 201615 / 20AliExpress is affected by CVE-2016-3062 (FFmpeg libavformat media handling) back from 2016
Video MP3 Converter is affected by CVE-2016-3062 (FFmpeg libavformat media handling) back from 201616 / 20Video MP3 Converter is affected by CVE-2016-3062 (FFmpeg libavformat media handling) back from 2016
Lazada is affected by CVE-2016-3062 (FFmpeg libavformat media handling) back from 201617 / 20Lazada is affected by CVE-2016-3062 (FFmpeg libavformat media handling) back from 2016
VivaVideo is affected by CVE-2016-3062 (FFmpeg libavformat media handling) back from 2016
Source:- gadgetsnow
Share: