Android has taken a downfall this week as two vulnerabilities were disclosed and malicious apps were downloaded. Updates have been released but many Android devices are still not eligible for the update, giving attackers more time to exploit devices.
These are the bugs that were disclosed:
- CVE 2016-3861 – allows attacker to execute malware on vulnerable phones. It is not indicated which Android version it is on but it is suggested to be on the most recent releases.
- CVE 2016-3862 – exploited by sending a maliciously formatted jpeg image. For example, malicious code can be embedded in an image and sent through Gmail or Google talk.
- DressCode – this app was likely used to generate fraudulent clicks on ads
- CallJam – this app contained code that redirected phones to malicious websites made to generate fraudulent revenue
Although there are updates being released to save users from these issues, you should still take precaution when downloading certain apps on Android devices.