Discord Server Red Security Twitter Donation to Red Security Red Security Youtube Channel Red Security Tumblr Profile
Login or Register to Hide ads and Accessing all features on the forum

News 

Critical Flaw Discovered in Fortnite Android APP

0 Replies, 1331 Views

[Image: images?q=tbn:ANd9GcQV6Ie3Md8XXXa1qcojlB6...Pw_ugkABdp]

      Security researchers from Google have recently disclosed a dangerous flaw in the very first Android installer for the popular video game Fortnite. This flaw allows other apps installed on the phone to manipulate the installation processes and run malicious programs, and not the Fornite APK.

     Researchers warned Epic Games that making their game available through the google play store and not through their own app, would require users to disable important security features to help in installing the APK. These warnings turned out to be true.

     In a video published by Google, they showed how a "Man-In-The-Disk" attack vector, in short, this type of attack allows malicious app to alter the data of other apps held in unguarded external storage before they read it, this leads to the installation of undesired apps instead of the original apps.

     For those who are not aware, to install the Fortnite app on an Android phone, the user needs to install a helper app, to "help" install the Fortnite APK. What was discovered was that any app on an Android  phone with the WRITE_EXTERNAL_STORAGE permission could intercept the installation file with malicious APKs.

    With these malicious APKs, an attacker could have access to user SMS, call history, GPS, even the camera.

    Epic Games recommended their users to update their installers to the latest version, 2.1.0. It is unclear whether the flaw was exploited in the wild.


---Sh7nk-Z0id
01001001 00100000 01000001 01001101 00100000 01011010 01001111 01000100 01001001 01000001 01000011

Possibly Related Threads…
Thread Author Replies Views Last Post
Star News Update Windows 10 to patch critical vulnerability in Microsoft store games News 0 1,667 11-06-2020, 04:22 AM
Last Post: News
Star News APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elect News 0 1,769 10-10-2020, 07:06 AM
Last Post: News
Star News Google warns of security holes in other vendors’ Android phones News 0 1,435 10-05-2020, 09:13 AM
Last Post: News
Big Grin News Researchers Warn of High-Severity Dell PowerEdge Server Flaw Mr.Kurd 0 1,600 07-29-2020, 11:42 AM
Last Post: Mr.Kurd
Star News A Study of the top 150,000 Android Apps Reveals 12,706 to Contain a Variety of Backdo Mr.Kurd 0 1,660 04-10-2020, 02:48 PM
Last Post: Mr.Kurd
Smile News Critical Vulnerability In Bisq Crypto Exchange Exploited For Some Users Mr.Kurd 0 1,693 04-10-2020, 02:46 PM
Last Post: Mr.Kurd
Sad News Critical RCE Bug in WordPress Plugin Let Hackers Gain Admin Access on 200,000 Website Mr.Kurd 0 1,500 04-01-2020, 11:19 AM
Last Post: Mr.Kurd
Question News Critical Remote Code Execution Bug in Linux Based OpenWrt OS Affects Millions of Netw Mr.Kurd 0 1,647 03-25-2020, 08:11 AM
Last Post: Mr.Kurd
Big Grin News Beware of Android Coronavirus Tracker app that Lock’s Your Device & Asks Ransom Payme Mr.Kurd 0 1,749 03-18-2020, 09:10 AM
Last Post: Mr.Kurd
Question News New Android Cookie-Stealing Malware Found Hijacking Facebook Accounts Mr.Kurd 0 1,518 03-13-2020, 11:15 AM
Last Post: Mr.Kurd



Users browsing this thread: 1 Guest(s)