1. Tsepz_GP
    Are BlackBerry Androids also affected by these?
    CamScanner is an app I know many people in my own personal circle use.


    For the majority of Android users, the monthly security update is a snooze-fest since it doesn't make any changes or add new features that they can see or use. But the problem is that the December security update is important because of a vulnerability known as CVE-2019-2232. According to the NIST National Vulnerability Database (via Forbes), a maliciously written message could result in a permanent denial of service attack that would brick a phone running Android 8, 8.1, 9, or 10. The December Android security update includes a patch for CVE-2019-2232 which means that if the update has been sent to your phone, install it immediately. But again, the real problem is that only a limited number of devices have it at the moment. The update was first disseminated on December 2nd and Google says, "In general, it takes about one and a half calendar weeks for the OTA to reach every Google device." And that is just for the Pixel handsets.

    With "StrandHogg," an Android user would click on the icon belonging to a legit app. Instead of the legit app, malware would be displayed asking for certain permissions. Once these permissions were granted by the unsuspecting Android user, the hacker was given the green light to hack away. This vulnerability could unleash a phishing attack allowing the bad actor to obtain important personal data.

    Google recently announced that it was teaming up with some security firms (including the aforementioned Lookout) in an attempt to fight back against malware. Hopefully, the App Defense Alliance can get one step ahead of the bad actors. The security research firms typically contact Google with their findings and the company closes these vulnerabilities. However, with StrandHogg, Promon notes that Google did not take it seriously at first and while it eventually removed the apps responsible for distributing the malware, this vulnerability has apparently not been fixed. And many of the "dropper apps" that helped spread StrandHogg are still on Android users' phones. One, a PDF creator app named CamScanner, has been installed over 100 million times.
    12-08-19 01:05 PM
  2. Ecm
    12-08-19 01:11 PM
