HT TECH wants to start sending you push notifications. Click allow to subscribe

Some Android apps like Grindr, OkCupid, Bumble etc are vulnerable to major security flaw, says Check Point

The vulnerability puts users’ private data like login details, mail ID, passwords, financial details etc at risk and exposed for potential cyber theft.

By: HT TECH
Updated on: Aug 21 2022, 00:20 IST
The vulnerability called CVE-2020-8913 makes it possible for hackers to add executable modules to any apps using the Play Core library. (Pixabay)
The vulnerability called CVE-2020-8913 makes it possible for hackers to add executable modules to any apps using the Play Core library. (Pixabay)

There is a major security flaw rooted in the Google Play Core library that is still plaguing many Android apps according to Check Point Software Technologies. Popular apps like Bumble, Grindr, OkCupid, Cisco Teams etc are a part of this vulnerable list going by a recent report.

As per the analysis done by the security researchers at Check Point, the bug that Google had fixed in April 2020 is still affecting many apps and the app developers have not fixed the flaw on their end yet. This is putting millions of users at risk.

You may be interested in

Mobiles Tablets Laptops
23% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
₹115,999₹149,999
Buy now
24% OFF
Google Pixel 128GB
  • Black
  • 4 GB RAM
  • 128 GB Storage
₹64,990₹84,999
Buy now
16% OFF
Google Pixel 7 Pro 5G
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
₹63,490₹75,999
Buy now
Samsung Galaxy S23 5G
  • Green
  • 8 GB RAM
  • 128 GB Storage
₹57,999
Check details
21% OFF
Acer Swift Go SFG14 41 NX KG3SI 002 Laptop
  • Pure Silver
  • 8 GB RAM
  • 512 GB SSD
₹58,990₹74,999
Buy now
39% OFF
Acer Aspire 5 A515 57G Laptop
  • Gray
  • 16 GB RAM
  • 512 GB SSD
₹54,949₹89,999
Buy now
22% OFF
Acer Aspire 3 A315 24 NX KDESI 004 Laptop
  • Silver
  • 8 GB RAM
  • 512 GB SSD
₹33,499₹42,999
Buy now
39% OFF
Asus VivoBook 15 X515JA BQ322WS Laptop
  • Transparent Silver
  • 8 GB RAM
  • 512 GB SSD
₹31,490₹51,990
Buy now
34% OFF
Xiaomi Pad 6
  • Mist Blue
  • 6 GB RAM
  • 128 GB Storage
₹26,299₹39,999
Buy now
55% OFF
Lenovo Tab M10 5G
  • Abyss Blue
  • 6 GB RAM
  • 128 GB Storage
₹20,999₹47,000
Buy now
32% OFF
Realme Pad 2
  • Imagination Grey
  • 6 GB RAM
  • 128 GB Storage
₹19,790₹28,999
Buy now
Honor Pad X9
  • Gray
  • 4 GB RAM
  • 128 GB Storage
₹14,999
Check details

The vulnerability is called CVE-2020-8913 and it allows hackers to inject a malicious code into vulnerable apps and then execute the code to get access to all the resources in the app. It is then used to steal sensitive data from other apps on the same device, said Check Point.

The vulnerability puts users’ private data like login details, mail ID, passwords, financial details etc at risk and exposed for potent cyber theft.

Also Read: Facebook just fixed a bug that lets hackers snoop into your Messenger calls

CVE-2020-8913 is rooted in Google’s Play Core library that is widely used. The Play Core library allows developers to push in-app updates to the apps. When Google had fixed the problem earlier in April this year, developers had to install a new Play Core library to make the CVE-2020-8913 vulnerability go away.

However, the vulnerability remained and was reported by researchers at Oversecured in August. Google rated the flaw severity at an 8.8 on 10.

CVE-2020-8913 makes it possible for hackers to add executable modules to any apps using the Play Core library. So, arbitrary codes can be executed with malicious intent. A malware app can be installed on a device this way to steal private information and also read mails.

Also Read: Hackers could have gotten full access to photos, DMs thanks to this Instagram vulnerability

Many popular apps appear to have the CVE-2020-8913 vulnerability including Grindr, Bumble, Viberm OKCupid, Cisco Teams, PowerDirector, Yango Pro, Edge, Xrecorder etc. In September, 13% of the apps on Google Play that were using Google’s Play Core library, as analysed by Check Point and out of these 8% were still using the vulnerable version. Viber and Booking have now updated to new patched versions but the other apps have not yet.

For the threat to actually be removed, developers need to push the patch themselves. The security firm has notified all the apps about the CVE-2020-8913 vulnerability and has informed them that they need to update the Play Core library to be safe.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on ,Twitter, Facebook, , and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 08 Dec, 09:16 IST

Sale

Mobiles Tablets Laptops
4% OFF
Samsung Galaxy S24 Ultra
  • Titanium Black
  • 12 GB RAM
  • 256 GB Storage
₹129,999₹134,999
Buy now
5% OFF
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
₹137,990₹144,900
Buy now
13% OFF
Xiaomi 14
  • Matte Black
  • 12 GB RAM
  • 512 GB Storage
₹69,999₹79,999
Buy now
8% OFF
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage
₹82,600₹89,900
Buy now
33% OFF
Xiaomi Pad 6
  • Mist Blue
  • 6 GB RAM
  • 128 GB Storage
₹26,999₹39,999
Buy now
50% OFF
Lenovo Tab M10 5G
  • Abyss Blue
  • 6 GB RAM
  • 128 GB Storage
₹17,949₹36,000
Buy now
30% OFF
Realme Pad 2
  • Imagination Grey
  • 6 GB RAM
  • 128 GB Storage
₹20,339₹28,999
Buy now
50% OFF
Samsung Galaxy Tab A7 Lite
  • Silver
  • 3 GB RAM
  • 32 GB Storage
₹9,900₹19,999
Buy now
23% OFF
Infinix INBook X1 Neo XL22 Laptop Intel Celeron Quad Core 8 GB 256 GB SSD Windows 11
  • Blue
  • 4 GB RAM
  • 128 GB SSD
₹22,990₹29,990
Buy now
33% OFF
Asus VivoBook Pro 15 OLED K6500ZC L501WS Laptop
  • Quiet Blue
  • 16 GB RAM
  • 512 GB SSD
₹64,982₹96,990
Buy now
31% OFF
HP ZBook Firefly 14 G9 7M3U0PA Laptop
  • Nouvelle Silver
  • 16 GB RAM
  • 1 TB SSD
₹89,900₹129,999
Buy now
24% OFF
Asus ROG Zephyrus G14 GA401QM K2268TS Laptop
  • Moonlight White with AniMe Matrix
  • 16 GB RAM
  • 1 TB SSD
₹152,990₹201,990
Buy now
NEXT ARTICLE BEGINS