Social applications Bumble and OkCupid are among other popular Android applications that may hold a potential security threat to users.
According to a report by a research firm CheckPoint, Android apps such as Grindr, Bumble, OKCupid, Cisco Teams, Yango Pro, Edge, Xrecorder, PowerDirector, and many others may become targets for an old Play Core library flaw. The flaw has the power to put the countless Android users' data at risk.
Reportedly, the flaw was patched by Google earlier this year, in April. To eliminate the flaw, developers need to install the new Play Core library in the aforementioned Android apps.
While the new Play Core library is not installed in these apps, it holds the users' data at high risk. According to Google, the flaw is rated 8.8 out of 10 in severity.
Talking about the potential data risk, CheckPoint's Manager of Mobile Research, Aviran Hazum said: "We’re estimating that hundreds of millions of Android users are at security risk. Although Google implemented a patch, many apps are still using outdated Play Core libraries. The vulnerability CVE-2020-8913 is highly dangerous. If a malicious application exploits this vulnerability, it can gain code execution inside popular applications, obtaining the same access as the vulnerable application. For example, the vulnerability could allow a threat actor to steal two-factor authentications codes or inject code into banking applications to grab credentials. Or, a threat actor could inject code into social media applications to spy on victims or inject code into all IM apps to grab all messages. The attack possibilities here are only limited by a threat actor’s imagination."
