Microsoft researchers discover serious security vulnerabilities in big-name Android apps
The Microsoft 365 Defender Research Team has shared details of several high-severity vulnerabilities found in a mobile framework used in popular apps associated with a number of big names.
The framework is owned by mce Systems, and is used in apps from numerous mobile providers. The apps -- from the likes of AT&T, Rogers Communications and Bell Canada -- are often pre-installed on Android handsets, but they have also been downloaded millions of times. If exploited, the vulnerabilities allow for local or remote attacks, including command injection and privilege escalation attacks.