
"The EngageLab SDK is a popular push notification tool used by many Android apps. By integrating with apps, developers save time building such a feature from scratch."
"Because the tool sits deep within the app's security sandbox, its critical location grants it access to the host app's internal files and data, as well as every user permission the app has."
"Microsoft calls the vulnerability an 'intent-based' flaw, allowing malicious external apps to send harmful messages that are misread as legitimate internal commands."
The EngageLab SDK, a widely used push notification tool in Android apps, has a critical vulnerability that allows external malicious apps to send harmful messages. The flaw arises from how the SDK processes app-to-app messages, which it misinterprets as legitimate commands. Although the vulnerability has been patched, many apps were still using the vulnerable version, exposing over 50 million users. The SDK operates within the app's security sandbox, granting it extensive access to internal files and user permissions, which makes its flaws particularly dangerous.
Read at TechRepublic