Unpatched Android vulnerability StrandHogg exploited from Android 6.0 to Android 10

»Bad news for Android users who installs a lot of apps on their devices. There is an unpatched Android vulnerability called StrandHogg. This vulnerability is already being exploited by malicious apps.«

»The vulnerability is strange:

  • All versions of Android, including Android 10, are affected, there is no patch.
  • Basically, all 500 of the most popular Android apps are vulnerable.
  • There is already malware that exploits the vulnerability.
  • 36 malicious apps that exploit the vulnerability have been identified.
  • The vulnerability can be exploited without root access.

The Permission Harvesting Exploit is only possible from Android 6.0 (but up to Android 10).«

Source: Günter Born · Born’s Tech and Windows World