»Bad news for Android users who installs a lot of apps on their devices. There is an unpatched Android vulnerability called StrandHogg. This vulnerability is already being exploited by malicious apps.«
»The vulnerability is strange:
- All versions of Android, including Android 10, are affected, there is no patch.
- Basically, all 500 of the most popular Android apps are vulnerable.
- There is already malware that exploits the vulnerability.
- 36 malicious apps that exploit the vulnerability have been identified.
- The vulnerability can be exploited without root access.
The Permission Harvesting Exploit is only possible from Android 6.0 (but up to Android 10).«
Source: Günter Born · Born’s Tech and Windows World