Microsoft Finds Critical Bugs in Pre-Installed Apps on Millions of Devices

Microsoft has found out four high severity bugs in pre-installed Android System apps with millions of downloads. The company also announced that the issue is now fixed. However, the issues could have potentially allowed threat actors to stage remote and local attacks or be abused as vectors to obtain sensitive information by taking advantage of their extensive system privileges.

Microsoft Finds Critical Bugs in Pre-Installed Apps on Millions of Devices

See Also: Microsoft Announces the Final Version of Windows 11

“As it is with many of pre-installed or default applications that most Android devices come with these days, some of the affected apps cannot be fully uninstalled or disabled without gaining root access to the device,” the Microsoft 365 Defender Research Team said in a report.

Microsoft didn’t disclose the complete list of apps that use the vulnerable framework in question. However, the framework had broad access permissions, including that of audio, camera, power, location, sensor data, and storage, to carry out its functions.

Some of the affected apps are from large international mobile service providers such as Telus, AT&T, Rogers, Freedom Mobile, and Bell Canada –

• Mobile Klinik Device Checkup
• Device Help
• MyRogers
• Freedom Device Care
• Device Content Transfer

Additionally, Microsoft is recommending users lookout for the app package and remove it from their phones, if found.

It is worth mentioning here that, the susceptible apps are also available on the Google Play Store. These apps have already passed the app storefront’s automatic safety checks without raising any red flags. The reason is that the safety check process does not lookout for these issues.

Check Also: Microsoft Power Pages Allow you to Design Secure & Low-code Business Websites