Microsoft discovers serious bugs in Android apps

Microsoft has discovered four vulnerabilities in a framework used by some apps pre-installed by carriers on Android devices.

Microsoft has discovered four serious vulnerabilities in a mce Systems framework used by several carriers in apps pre-installed on Android devices. Because these apps run with elevated privileges, an attacker could execute code remotely and steal sensitive information. All bugs have been fixed by the parties involved. The issue once again highlights the need to use a security solution that blocks malware.

Little security in pre-installed apps

Microsoft experts have discovered that mce Systems' framework has a service that could be invoked to exploit the vulnerabilities, allowing the installation of backdoors and the takeover of the device. The framework is used in pre-installed apps as a diagnostic tool to identify problems, so it can access various resources, including audio, camera, and storage.

Some of these apps, also distributed through the Google Play Store, were developed by AT&T, Telus, Rogers Communications, Bell Canada and Freedom Mobile. Because they are pre-installed and therefore part of the operating system image, users cannot delete them without root permissions. Unfortunately, this type of bug is not detected by Google Play Protect technology.

The four vulnerabilities are identified as CVE-2021-42598, CVE-2021-42599, CVE-2021-42600, and CVE-2021-42601. All the apps examined (Microsoft has not provided their names) expose "browsable" activities that can be exploited to display malicious web pages. Through a backdoor it would be possible to access the microphone, camera, storage, connectivity, geographical location, sensors, settings, installed apps, phone number and contacts.

Microsoft reported the vulnerabilities to mce Systems, which released the patches in collaboration with the affected telephone operators.
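A defender can check whether an app matches the pattern described above, a browsable activity in an app that also holds sensitive permissions, by auditing its decoded manifest. The script below is an added example, not code from Microsoft or mce Systems; the package name, activity names and URI scheme in the sample manifest are constructed, and the manifest is assumed to be already decoded to text XML (for instance with apktool).

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
BROWSABLE = "android.intent.category.BROWSABLE"
# Permissions covering resources the article lists (microphone, camera, storage, location, contacts, phone number).
SENSITIVE = {"android.permission." + p for p in (
    "RECORD_AUDIO", "CAMERA", "READ_EXTERNAL_STORAGE", "ACCESS_FINE_LOCATION",
    "READ_CONTACTS", "READ_PHONE_STATE")}

# Constructed sample manifest for a hypothetical carrier diagnostic app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.carrier.diag">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".WebLinkActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="diag" android:host="open"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""

def audit_manifest(xml_text):
    """Return the sensitive permissions and every browser-reachable activity of one app."""
    root = ET.fromstring(xml_text)
    names = (p.get(ANDROID + "name") for p in root.iter("uses-permission"))
    perms = sorted(n for n in names if n in SENSITIVE)
    findings = []
    for act in list(root.iter("activity")) + list(root.iter("activity-alias")):
        for flt in act.iter("intent-filter"):
            cats = {c.get(ANDROID + "name") for c in flt.iter("category")}
            if BROWSABLE not in cats:
                continue  # this filter cannot be triggered from a web link
            uris = sorted({f"{d.get(ANDROID + 'scheme', '*')}://{d.get(ANDROID + 'host', '*')}"
                           for d in flt.iter("data")})
            findings.append({"activity": act.get(ANDROID + "name"), "uris": uris})
    return {"package": root.get("package"), "sensitive_permissions": perms, "browsable": findings}

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

An app that reports both a non-empty `browsable` list and sensitive permissions is a candidate for closer review of how the linked activity handles the incoming URI.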