Android is most vulnerable to malware attacks and there are some cheap models which include some pre-installed apps which can exploit the smartphone. But what about those apps which are highly popular and downloaded by millions of Android customers? Those are also not safe completely, revealed cybersecurity researchers.
On Thursday, researchers at security firm Check Point Research stated that they found vulnerabilities in the latest versions of some famous apps, available on Google Play. This list includes some unexpected and big-fat names like Facebook and Instagram. Earlier, the flaws found in these world-famous apps were believed to have been patched but the experts found that the cybercriminals can still execute code on the latest versions of the apps.
Researchers at the security firm claimed that threat actors can gain administrative control over the apps. They stated that the scariest part is, the hackers can steal and alter posts on the social media giant Facebook, extract location details from Instagram and read SMS messages in WeChat.
To see the result the company studied about these vulnerabilities, they examined the latest versions of these highly popular mobile apps for three known remote control execution (RCE) vulnerabilities from 2014 to 2016.
Researchers said each of these vulnerabilities was assigned two signatures and then they ran its static engine to examine hundreds of mobile applications, available in Play Store to identify vulnerable code in the latest versions. However, they found what they had suspected. The code was claimed to patch earlier, but it is still present in the latest versions of popular mobile applications.
In a blog post, the team of Check Point Research said, "Mobile app stores and security researchers do proactively scan apps for malware patterns, but devote less attention to long-known critical vulnerabilities. Unfortunately, this means there's not much the end-user can do to keep his mobile device fully secure," adding that they have informed the app developers as well as Google about the vulnerabilities.