Microsoft Discovers Critical Bugs in Android Apps Installed on Millions of Devices ,A framework used by pre-installed Android System apps with millions of downloads has four high severity vulnerabilities.

Threat actors might have leveraged the vulnerabilities, which have already been addressed by its Israeli creator MCE Systems, to launch remote and local attacks or be used as vectors to collect sensitive information by exploiting their vast system rights.

“Some of the impacted apps cannot be fully deleted or stopped without getting root access to the device, as it is with many of the pre-installed or default programs that most Android devices come with these days,” the Microsoft 365 Defender Research Team said in a report published Friday.

CVE-2021-42598, CVE-2021-42599, CVE-2021-42600, and CVE-2021-42601, with CVSS scores ranging from 7.0 to 8.9, have been awarded to the vulnerabilities, which vary from command injection to local privilege escalation.

The full list of apps that use the vulnerable framework in question, which is supposed to provide self-diagnostic methods to identify and fix issues affecting an Android device, was not released by Microsoft.

This also meant that the framework had broad access permissions to carry out its functions, including audio, camera, power, location, sensor data, and storage.
When combined with the service’s flaws, Microsoft believes it might allow an attacker to install persistent backdoors and take control.

Telus, AT&T, Rogers, Freedom Mobile, and Bell Canada are among the main international mobile service providers whose apps are affected.

Device Checkup at the Mobile Klinik (com.telus.checkup)

Freedom Device Care (com.freedom.mlp.uat), Device Help (com.att.dh), MyRogers (com.fivemobile.myaccount), and Device Content Transfer (com.ca.bell.contenttransfer)

Additionally, Microsoft advises users to check their phones for the software package “com.mce.mceiotraceagent” – an app that may have been installed by mobile phone repair shops — and remove it if detected.

Although pre-installed by phone providers, the vulnerable apps are also available on the Google Play Store, where they are said to have passed the app storefront’s automatic safety checks without raising any red flags because the process was not designed to look for these issues, which has since been fixed.

Share.

Leave A Reply