A number of high-profile Android apps are still using an unpatched version of Google’s widely-used app update library, potentially putting the personal data of hundreds of millions of smartphone users at risk of hacking.
Many popular apps, including Grindr, Bumble, OkCupid, Cisco Teams, Moovit, Yango Pro, Microsoft Edge, Xrecorder, and PowerDirector, are still vulnerable and can be hijacked to steal sensitive data, such as passwords, financial details, and e-mails.
The bug, tracked as CVE-2020-8913, is rated 8.8 out of 10.0 for severity and impacts Android’s Play Core Library versions prior to 1.7.2.
Although Google addressed the vulnerability in March, new findings from Check Point Research show that many third-party app developers are yet to integrate the new Play Core library into their apps to mitigate the threat fully.
“Unlike server-side vulnerabilities, where the vulnerability is patched completely once the patch is applied to the server, for client-side vulnerabilities,…