Microsoft Security has written a lengthy post on high-severity vulnerabilities found in a mce Systems mobile framework. The company points out that numerous major mobile service providers use this framework within their Android System apps that come pre-installed on devices.
In other words, these devices are at risk of local or remote attacks. Microsoft Security says the apps have millions of downloads as well as being pre-installed. Like all inbox apps, the vulnerable applications have more privileges than normal, allowing attackers to potentially reach system configuration.
It is worth noting that Microsoft says every app has been fixed by the relevant developer. So, if you are on the latest version, you are safe. As always, the risk here is with users who have not updated and are still running a vulnerable version.
As with most pre-installed apps on Android, the vulnerable applications cannot be fully removed. In fact, some cannot even be entirely disabled. It is one of the worst parts of using the OS, which is why OEMs that keep bloatware to a minimum (not you, Samsung) win praise.
Even so, the mobile framework apps are often important but once on the system pre-installed the only way to remove them is through root access. Microsoft says it worked directly with mce Systems to identify the issues on the framework, which mobile service providers were affected, and to issue fixes.
According to Microsoft, this quick action and collaboration is fundamental to success in preventing cyberattacks:
“Collaboration among security researchers, software vendors, and the security community is important to continuously improve defenses for the larger ecosystem. As the threat and computing landscape continues to evolve, vulnerability discoveries, coordinated response, and other forms of threat intelligence sharing are paramount to protecting customers against present and future threats, regardless of the platform or device they are using.”
You can read all the details of Microsoft’s discovery and risk the vulnerabilities posed in the source’s complete blog post.
Tip of the day: It’s a good idea to backup your computer on a regular basis, and the most fool-proof way is to manually create a disk image and save it to an external hard drive.