
""This flaw allows apps on the same device to bypass Android security sandbox and gain unauthorized access to private data," the Microsoft Defender Security Research Team said in a report published today."
""The issue, identified in version 4.5.4, has been described as an intent redirection vulnerability. Intents in Android refer to messaging objects that are used to request an action from another app component.""
""An attacker could exploit this vulnerability by means of a malicious app installed on the device through some other means to access internal data.""
A vulnerability in EngageLab SDK, a widely used Android software development kit, could have compromised millions of cryptocurrency wallet users. This flaw allowed apps on the same device to bypass Android's security sandbox, gaining unauthorized access to private data. The SDK, which offers push notification services, is integrated into many apps, particularly in the cryptocurrency ecosystem, with over 30 million installations. The vulnerability, identified in version 4.5.4, was addressed in version 5.2.1 after responsible disclosure. Affected apps have been removed from the Google Play Store.
Read at The Hacker News