Serious security bugs put millions of Android devices at risk

A couple of high-severity vulnerabilities were recently discovered in a mobile framework used on the Android operating system, putting millions of people at risk.

The Microsoft 365 Defender Research Team, which discovered the flaws in September last year, says they could have been used to launch serious attacks on target devices, resulting in data theft and partial device takeover.

According to a new blog post, Microsoft "uncovered high-severity vulnerabilities in a mobile framework owned by mce Systems and used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote (albeit complex) or local attacks".

The vulnerabilities are being tracked as CVE-2021-42598, CVE-2021-42599, CVE-2021-42600, and CVE-2021-42601, with severity scores ranging from 7.0 to 8.9 out of 10.

Taking over the device

Further detailing its findings, Microsoft said the mobile framework includes a service that could be leveraged to "allow adversaries to implant a persistent backdoor or take substantial control over the device".

The company notified both mce Systems and affected mobile service providers (some of which are "international"), and teamed up with them to work on a fix. All of the vulnerabilities have now been addressed, the blog states.

"We worked closely with mce Systems’ security and engineering teams to mitigate these vulnerabilities," Microsoft said, "which included mce Systems sending an urgent framework update to the impacted providers and releasing fixes for the issues. At the time of publication, there have been no reported signs of these vulnerabilities being exploited in the wild".

Google also pitched in, updating its Play Protect service to cover off the attack vectors.

While Microsoft says there is no evidence of the flaws being exploited in the wild, it did add that there could be more undiscovered providers affected by the flaw, including "several mobile phone repair shops" that might have installed vulnerable apps on people's endpoints.



Source: TechRadar
