image credit: Unsplash

Hundreds of millions of Android users exposed to hack due to CVE-2020-8913

The CVE-2020-8913 flaw is a local, arbitrary code execution vulnerability that resides exists in the SplitCompat.install endpoint in Android’s Play Core Library. The vulnerability is rated 8.8 out of 10.0 and impacts Android’s Play Core Library versions prior to 1.7.2.

A threat actor could create an apk to targets a specific application. Upon installing the apk, the attacker could perform a broad range of malicious activities, including execute code as the targeted application and access the targeted application’s data on the victims’ Android devices.

Read More on Security Affairs