Discord Server Red Security Twitter Donation to Red Security Red Security Youtube Channel Red Security Tumblr Profile
Windscribe
Login or Register to Hide ads and Accessing all features on the forum
Thread Rating:
  • 1 Vote(s) - 2 Average
  • 1
  • 2
  • 3
  • 4
  • 5
News Critical Flaw Discovered in Fortnite Android APP
#1
[Image: images?q=tbn:ANd9GcQV6Ie3Md8XXXa1qcojlB6...Pw_ugkABdp]

      Security researchers from Google have recently disclosed a dangerous flaw in the very first Android installer for the popular video game Fortnite. This flaw allows other apps installed on the phone to manipulate the installation processes and run malicious programs, and not the Fornite APK.

     Researchers warned Epic Games that making their game available through the google play store and not through their own app, would require users to disable important security features to help in installing the APK. These warnings turned out to be true.

     In a video published by Google, they showed how a "Man-In-The-Disk" attack vector, in short, this type of attack allows malicious app to alter the data of other apps held in unguarded external storage before they read it, this leads to the installation of undesired apps instead of the original apps.

     For those who are not aware, to install the Fortnite app on an Android phone, the user needs to install a helper app, to "help" install the Fortnite APK. What was discovered was that any app on an Android  phone with the WRITE_EXTERNAL_STORAGE permission could intercept the installation file with malicious APKs.

    With these malicious APKs, an attacker could have access to user SMS, call history, GPS, even the camera.

    Epic Games recommended their users to update their installers to the latest version, 2.1.0. It is unclear whether the flaw was exploited in the wild.


---Sh7nk-Z0id
01001001 00100000 01000001 01001101 00100000 01011010 01001111 01000100 01001001 01000001 01000011
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
Big Grin News Researchers Warn of High-Severity Dell PowerEdge Server Flaw Mr.Kurd 0 238 07-29-2020, 11:42 AM
Last Post: Mr.Kurd
Star News A Study of the top 150,000 Android Apps Reveals 12,706 to Contain a Variety of Backdo Mr.Kurd 0 400 04-10-2020, 02:48 PM
Last Post: Mr.Kurd
Smile News Critical Vulnerability In Bisq Crypto Exchange Exploited For Some Users Mr.Kurd 0 346 04-10-2020, 02:46 PM
Last Post: Mr.Kurd
Sad News Critical RCE Bug in WordPress Plugin Let Hackers Gain Admin Access on 200,000 Website Mr.Kurd 0 314 04-01-2020, 11:19 AM
Last Post: Mr.Kurd
Question News Critical Remote Code Execution Bug in Linux Based OpenWrt OS Affects Millions of Netw Mr.Kurd 0 371 03-25-2020, 08:11 AM
Last Post: Mr.Kurd
Big Grin News Beware of Android Coronavirus Tracker app that Lock’s Your Device & Asks Ransom Payme Mr.Kurd 0 438 03-18-2020, 09:10 AM
Last Post: Mr.Kurd
Question News New Android Cookie-Stealing Malware Found Hijacking Facebook Accounts Mr.Kurd 0 313 03-13-2020, 11:15 AM
Last Post: Mr.Kurd
Shocked News Unpatched Wormable Windows SMBv3 RCE Zero-day Flaw Leaked in Microsoft Security Updat Mr.Kurd 0 421 03-12-2020, 09:39 AM
Last Post: Mr.Kurd
Exclamation News NordVPN Patched a Flaw In Their Payments Platform That Exposed Users’ Details Mr.Kurd 0 388 03-09-2020, 05:34 PM
Last Post: Mr.Kurd
Exclamation News Vulnerabilities In Top Free Android VPN Apps Risk Over 120 Million Users Mr.Kurd 0 359 03-02-2020, 08:36 PM
Last Post: Mr.Kurd



Users browsing this thread: 1 Guest(s)