Android version of Fortnite was vulnerable to ‘man-in-the-disk’ attack


Google discovered that the installation file for Fortnite on Android contained a vulnerability that allowed installed apps to download and install software undetected. The vulnerability has since been fixed.

The flaw in the installation file was reported by a Google employee on the company's issue tracker about two weeks ago. The tracker shows the correspondence between Google and Fortnite maker Epic Games, which indicates that the problem has now been solved and that the installer has been updated. Users who have version 2.10 of the installer on their device are protected against the vulnerability.

The flaw allowed any app already installed on the smartphone to download software in the background undetected. Apps could also be installed unnoticed and be given all possible permissions. This is a so-called ‘man-in-the-disk’ attack, a technique that was also recently shown during the Def Con security conference. For the attack to work, the already installed app must have permission to write to the external storage on the Android device.

The attack uses Android’s external storage to get around the app sandbox and, for example, install a malicious app. Although the Android guidelines state that app developers should use this storage with the necessary security measures, this does not seem to have happened initially in the case of Fortnite.
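
The check-then-use gap behind this class of bug, as an added Python simulation that is not code from Epic Games, Google or the original article. It assumes an installer that keeps a downloaded package in shared storage and verifies it with SHA-256; the function names, file names and byte strings are constructed, and temporary directories stand in for Android's external and app-private storage.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def install_from_shared(shared_path, expected, window=None):
    """Weak pattern: verify the file where other apps can write, then re-read it."""
    if sha256_file(shared_path) != expected:
        raise ValueError("hash mismatch")
    if window:
        window()  # gap between check and use; any writer to shared storage can act here
    with open(shared_path, "rb") as f:
        return f.read()  # bytes that would be handed to the package installer


def install_from_private(shared_path, private_dir, expected, window=None):
    """Hardened pattern: copy into app-private storage, verify and use that copy only."""
    staged = os.path.join(private_dir, "staged.apk")
    shutil.copyfile(shared_path, staged)
    if sha256_file(staged) != expected:
        os.remove(staged)
        raise ValueError("hash mismatch")
    if window:
        window()  # writes to shared storage no longer reach the staged copy
    with open(staged, "rb") as f:
        return f.read()


def demo():
    genuine = b"CONSTRUCTED-GENUINE-PACKAGE"    # constructed sample data
    replaced = b"CONSTRUCTED-REPLACED-PACKAGE"  # constructed sample data
    expected = hashlib.sha256(genuine).hexdigest()
    with tempfile.TemporaryDirectory() as shared, tempfile.TemporaryDirectory() as private:
        path = Path(shared) / "download.apk"
        path.write_bytes(genuine)
        weak = install_from_shared(path, expected, window=lambda: path.write_bytes(replaced))
        path.write_bytes(genuine)
        hard = install_from_private(path, private, expected, window=lambda: path.write_bytes(replaced))
    return weak == genuine, hard == genuine  # (False, True)


if __name__ == "__main__":
    print(demo())
```

The weak path passes its hash check and still returns bytes that differ from what it verified, while the hardened path returns the verified bytes and rejects a file that was changed before the copy.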
