This vulnerability could enable a malicious app to overwrite arbitrary files in the vulnerable apps home directory.
He added, Arbitrary code execution can provide a threat actor with full control over an applications behavior.
Meanwhile, token theft can provide a threat actor with access to the users accounts and sensitive data.
The discovery affected multiple vulnerable apps in the Google Play Store, representing over four billion installations.
Two of the apps found vulnerable to the problem included Xiaomi Inc.
File Manager (com.mi.
For instance, the Xiaomi, Inc. and WPS Office security teams have already investigated and fixed the issue.
Hence, it recommends that all developers analyse its research and ensure that their products are not affected.
We anticipate that the vulnerability pattern could be found in other applications.
source: www.techworm.net
