A critical security issue in the Kyocera Android printing app has been discovered by the Japanese Vulnerability Notes (JVN).
The security flaw is tracked as CVE-2023-25954. Specifically, the app handles intents improperly, and malicious applications could exploit this flaw.
Exploiting it would allow harmful malware to be downloaded onto devices, posing a significant threat to users.
In response to this issue, KYOCERA has taken swift action and released a security bulletin to inform users of the potential vulnerability.
The affected products are:
Android app “KYOCERA Mobile Print”, v184.108.40.206119 and earlier (1 million downloads on Google Play).
Android app “UTAX/TA MobilePrint”, v220.127.116.11119 and earlier (100k downloads on Google Play).
Android app “Olivetti Mobile Print”, v18.104.22.168119 and earlier (10k downloads on Google Play).
Although they are published by different publishers, all three apps have been found to share the same source code.
This means the vulnerability impacts all three apps, regardless of their respective publishers. The bulletin urges all users of the affected printing app to upgrade to the latest version, 22.214.171.124227, which is readily available for download on Google Play.
For the attack to succeed, the user would also need to install a separate, malicious application on their device.
This secondary malicious app would be used to trigger the payload download, which enables the vulnerability to be exploited. Besides this, a malicious app that exploits this vulnerability could be easily distributed, since it wouldn’t need to include any risky code or ask for suspicious permissions upon installation.
However, Android 14 is expected to have enhanced security for intent handling. As a result, it will reduce the associated risks and make it more difficult to hide the true nature of data exchanges.
The post 1M Times Downloaded Android Printing App Can Be Abused to Drop Malware appeared first on Cyber Security News.