Skip to main content

Featured Post

AMD to invest $400 million in India by 2028: Here’s what we know

US chipmaker Advanced Micro Devices said on Friday it will invest around $400 million in India over the next five years and will build its largest design center in the tech hub of Bengaluru. AMD’s announcement was made by its Chief Technology Officer Mark Papermaster at an annual semiconductor conference that started Friday in Prime Minister Narendra Modi’s home state of Gujarat. Other speakers at the flagship event include Foxconn Chairman Young Liu and Micron CEO Sanjay Mehrotra. Despite being a late entrant, the Modi government has been courting investments into India’s nascent chip sector to establish its credentials as a chipmaking hub. AMD said it will open its new design centre campus in Bengaluru by end of this year and create 3,000 new engineering roles within five years. “Our India teams will continue to play a pivotal role in delivering the high-performance and adaptive solutions that support AMD customers worldwide,” Papermaster said. The new 500,000-square-foot (55,5...
1 comment
Read more
Labels

Bumble, OkCupid, and more Android apps are vulnerable to major security flaw

Beware, an old security flaw is putting users’ data at risk. According to a recent report by research firm CheckPoint, Android apps such as Grindr, Bumble, OKCupid, Cisco Teams, Yango Pro, Edge, Xrecorder, PowerDirector, and many others are vulnerable to an old Play Core library flaw. The report stated that the security flaw puts hundreds of millions of Android users’ data at risk.

This security flaw was reportedly been patched by Google earlier this year, in April. However, for the flaw to be fixed in all affected apps, the app developers will need to install the new Play Core library, which the aforementioned popular Android apps like Grindr, Bumble, OKCupid, Cisco Teams, Yango Pro, Edge, Xrecorder, PowerDirector, among others have not done.

This negligence puts users’ of these apps at high risk. The report suggests that all these apps are still on the old Play Core library version apart from Viber and Booking apps, which were recently updated. Google rated the flaw an 8.8 out of 10 in severity.

Check Point stated that the affected apps are still vulnerable to the vulnerability CVE-2020-8913. According to the report, the flaw is rooted in Google’s widely used Play Core library that allows developers push in-app updates and new feature modules to their Android apps. The report further noted that the security flaw lets a hacker steal sensitive user data such as login details, passwords, financial details, and email.

According to Check Point, 13 percent of Google Play apps analysed by them in September used the Google Play Core library while 8 percent of those apps continued to have a vulnerable version. It is suggested that users must uninstall these apps until they fix the security flaw.

Commenting on the matter Manager of Mobile Research, Check Point, Aviran Hazum said, “We’re estimating that hundreds of millions of Android users are at security risk. Although Google implemented a patch, many apps are still using outdated Play Core libraries. The vulnerability CVE-2020-8913 is highly dangerous. If a malicious application exploits this vulnerability, it can gain code execution inside popular applications, obtaining the same access as the vulnerable application. For example, the vulnerability could allow a threat actor to steal two-factor authentications codes or inject code into banking applications to grab credentials. Or, a threat actor could inject code into social media applications to spy on victims or inject code into all IM apps to grab all messages. The attack possibilities here are only limited by a threat actor’s imagination.”



from BGR India https://ift.tt/37IZ4cn
via IFTTT
Email Post
Labels:

Comments

Post a Comment

add