
Microsoft finds serious bugs in pre-installed Android apps

Microsoft is drawing attention to serious security vulnerabilities in pre-installed Android apps. The apps are used by mobile network providers worldwide. This comes from a new report by BleepingComputer. Microsoft security researchers have found serious vulnerabilities in a framework used by Android apps from several major international wireless carriers.

These include AT&T, TELUS, Rogers Communications, Bell Canada, and Freedom Mobile; it is currently unclear whether carriers in Europe are also affected. Researchers found the vulnerabilities (CVE-2021-42598, CVE-2021-42599, CVE-2021-42600, and CVE-2021-42601) in a mobile framework from mce Systems that leaves users vulnerable to command injection and privilege escalation attacks.

The vulnerable applications have been downloaded millions of times from the Google Play Store and are preinstalled as system applications on devices sold by the affected telecom operators. “The apps were embedded in the system image of the devices, suggesting that they were standard applications installed by the phone carriers,” security researchers Jonathan Bar Or, Sang Shin Jung, Michael Peck, Joe Mansour, and Apurva Kumar of the Microsoft 365 Defender Research Team said in their vulnerability report.

Problem with uninstalling

“All apps are available on the Google Play Store and go through Google Play Protect’s automatic security checks, but so far they haven’t checked for these kinds of issues. As with many pre-installed or standard applications that most Android devices come with these days, some of the affected apps cannot be completely removed or disabled without root access to the device,” warn the Microsoft researchers. Microsoft has reported the vulnerabilities to the carriers and they are said to have fixed the bugs.

Apart from that, however, according to Microsoft Research, there are other apps that use the same flawed framework, are therefore exposed to the same vulnerabilities, and are still available on the Play Store.