{"vulnerability": "CVE-2020-8913", "sightings": [{"uuid": "2c4de075-dfe7-4d9b-af59-105d2b895ae8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-8913", "type": "seen", "source": "https://t.me/alexmakus/3624", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 Play Core \u043d\u0430 Android, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u043c \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c \u0432\u043e\u0440\u043e\u0432\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0438\u0437 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u043f\u0430\u0440\u043e\u043b\u0438 \u0438\u043b\u0438 \u043d\u043e\u043c\u0435\u0440\u0430 \u043a\u0440\u0435\u0434\u0438\u0442\u043d\u044b\u0445 \u043a\u0430\u0440\u0442) \u043d\u0430 \u0442\u043e\u043c \u0436\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435. \u0420\u0435\u0439\u0442\u0438\u043d\u0433 \u0431\u0430\u0433\u0430 \u043f\u043e \u0443\u0440\u043e\u0432\u043d\u044e \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u2014\u00a08.8 \u0438\u0437 10.0, Google \u0443\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0430\u043f\u0434\u0435\u0439\u0442 \u0441 \u0444\u0438\u043a\u0441\u043e\u043c. \n\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8913#range-5840182", "creation_timestamp": "2020-08-28T15:12:10.000000Z"}, {"uuid": "b4c25d64-8ecc-476a-bcb4-bb3323aa684c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-8913", "type": "seen", "source": "https://t.me/arpsyndicate/2923", "content": "#ExploitObserverAlert\n\nCVE-2020-8913\n\nDESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2020-8913. A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targets a specific application, and if a victim were to install this apk, the attacker could perform a directory traversal, execute code as the targeted application and access the targeted application's data on the Android device. We recommend all users update Play Core to version 1.7.2 or later.\n\nFIRST-EPSS: 0.001500000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2024-01-19T11:25:58.000000Z"}, {"uuid": "54aa9d95-539a-46c6-b4e5-5e2a06ee70d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-8913", "type": "seen", "source": "Telegram/j5rbebtPsanioGrxzTQgfYKX4reBAHunyRv03FikobUCofv-", "content": "", "creation_timestamp": "2020-12-09T14:55:53.000000Z"}, {"uuid": "b5b5853b-9c29-44ef-b5c0-da696791f27c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-8913", "type": "seen", "source": "https://t.me/arpsyndicate/1555", "content": "#ExploitObserverAlert\n\nCVE-2020-8913\n\nDESCRIPTION: Exploit Observer has 19 entries related to CVE-2020-8913. A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targets a specific application, and if a victim were to install this apk, the attacker could perform a directory traversal, execute code as the targeted application and access the targeted application's data on the Android device. We recommend all users update Play Core to version 1.7.2 or later.\n\nFIRST-EPSS: 0.001500000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2023-12-08T12:07:00.000000Z"}, {"uuid": "1241cf34-6472-467b-86a5-9b6c1f328eb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-8913", "type": "seen", "source": "https://t.me/arpsyndicate/1930", "content": "#ExploitObserverAlert\n\nCVE-2020-8913\n\nDESCRIPTION: Exploit Observer has 19 entries related to CVE-2020-8913. A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targets a specific application, and if a victim were to install this apk, the attacker could perform a directory traversal, execute code as the targeted application and access the targeted application's data on the Android device. We recommend all users update Play Core to version 1.7.2 or later.\n\nFIRST-EPSS: 0.001500000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2023-12-18T06:30:16.000000Z"}, {"uuid": "d7b56248-807e-473e-b96c-f638d125a678", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-8913", "type": "published-proof-of-concept", "source": "https://t.me/information_security_channel/41443", "content": "Awesome Android Security\nhttps://kalilinuxtutorials.com/awesome-android-security/\n\nA curated list of Android Security materials and resources For Pentesters and Bug Hunters. Blog AAPG \u2013 Android application penetration testing guide TikTok: three persistent arbitrary code executions and one theft of arbitrary files Persistent arbitrary code execution in Android\u2019s Google Play Core Library: details, explanation and the PoC \u2013 CVE-2020-8913 Android: Access to app [\u2026]\nThe post Awesome Android Security (https://kalilinuxtutorials.com/awesome-android-security/) appeared first on Kali Linux Tutorials (https://kalilinuxtutorials.com/).", "creation_timestamp": "2020-11-04T17:37:16.000000Z"}, {"uuid": "bba6fb56-4fbe-419d-bf12-b74195d68708", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-8913", "type": "seen", "source": "https://t.me/true_secator/1221", "content": "Microsoft Edge \u0438 Cisco Webex Teams - \u044d\u0442\u043e Android \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e \u0434\u043e\u043b\u0436\u0435\u043d \u0441\u043d\u0435\u0441\u0442\u0438 \u0441\u043e \u0441\u0432\u043e\u0435\u0433\u043e \u0441\u043c\u0430\u0440\u0442\u0444\u043e\u043d\u0430 \u043a\u0430\u0436\u0434\u044b\u0439 \u0432\u0435\u0440\u0443\u044e\u0449\u0438\u0439 \u0432 \u0431\u043e\u0433\u0430 \u0438\u043d\u0444\u043e\u0441\u0435\u043a\u0430. \u0415\u0441\u043b\u0438 \u0431\u044b \u0432\u044b \u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0438 \u0435\u0449\u0451 \u0438 \u0432 \u042f\u043d\u0434\u0435\u043a\u0441 \u0422\u0430\u043a\u0441\u0438, \u0442\u043e \u0438 \u0422\u0430\u043a\u0441\u0438\u043c\u0435\u0442\u0440 \u0442\u0443\u0434\u0430 \u0436\u0435. \u041d\u043e \u044d\u0442\u043e, \u043d\u0430\u0434\u0435\u0435\u043c\u0441\u044f, \u0432\u0440\u044f\u0434 \u043b\u0438.\n\n\u0421\u044b\u0440-\u0431\u043e\u0440 \u0441\u043b\u0443\u0447\u0438\u043b\u0441\u044f \u043f\u043e \u0441\u043b\u0435\u0434\u0430\u043c \u0440\u0438\u0441\u0451\u0440\u0447\u0430 Check Point \u043e \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u0435 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2020-8913, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 \u0438 \u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0435\u043d\u043d\u043e\u0439 \u0432 \u0430\u043f\u0440\u0435\u043b\u0435 \u044d\u0442\u043e\u0433\u043e \u0433\u043e\u0434\u0430. \u041e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c, \u0447\u0442\u043e \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e 13% Android \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u0443\u044e \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0443 Play Core, \u0438\u0437 \u043d\u0438\u0445 8% (\u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0443\u043f\u043e\u043c\u044f\u043d\u0443\u0442\u044b\u0445 \u0432\u044b\u0448\u0435) \u0434\u043e \u0441\u0438\u0445 \u043f\u043e\u0440 \u043d\u0435 \u0437\u0430\u043c\u0435\u043d\u0438\u043b\u0438 \u0435\u0451 \u043d\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0451\u043d\u043d\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e. \u0418\u0437-\u0437\u0430 \u044d\u0442\u043e\u0433\u043e \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u044b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0445\u043e\u0434\u044f\u0442 \u043f\u043e\u0434 \u0434\u0430\u043c\u043e\u043a\u043b\u043e\u0432\u044b\u043c \u043c\u0435\u0447\u043e\u043c \u0446\u0435\u043b\u043e\u0433\u043e \u0441\u043f\u0435\u043a\u0442\u0440\u0430 \u0430\u0442\u0430\u043a, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0432 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u0434\u0430. \u041d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u0432 \u0431\u0430\u043d\u043a\u043e\u0432\u0441\u043a\u0438\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 SMS \u0434\u0432\u0443\u0445\u0444\u0430\u043a\u0442\u043e\u0440\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438. \u0418\u043b\u0438 \u0432 \u043c\u0435\u0441\u0441\u0435\u043d\u0434\u0436\u0435\u0440\u044b \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u0435\u043a\u0440\u0435\u0442\u043d\u043e\u0439 \u043f\u0435\u0440\u0435\u043f\u0438\u0441\u043a\u0435.\n\n\u041d\u0430 \u0441\u0430\u043c\u043e\u043c \u0434\u0435\u043b\u0435, \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u044f \u0441 \u0440\u0430\u0441\u043a\u0430\u0442\u043a\u043e\u0439 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a \u0434\u043b\u044f \u043a\u043b\u0438\u0435\u043d\u0442\u0441\u043a\u0438\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043e\u0431\u044b\u0447\u043d\u0430\u044f. \u0418 \u044d\u0442\u043e \u043a\u0430\u0433\u0431\u044d \u043d\u0430\u043c\u0435\u043a\u0430\u0435\u0442, \u0447\u0442\u043e \u043a\u043e\u043d\u0441\u0435\u0440\u0432\u0430\u0442\u043e\u0440\u0438\u0438 \u0443\u0436\u0435 \u043d\u0430\u0434\u043e \u0437\u0430\u0434\u0443\u043c\u0430\u0442\u044c\u0441\u044f \u043d\u0430\u0434 \u043d\u0435\u043a\u0438\u043c \u0431\u0438\u0437\u043d\u0435\u0441-\u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0434\u043e\u0431\u043d\u043e Check Point \u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043b \u0431\u044b Google Play, \u0432\u044b\u044f\u0432\u043b\u044f\u043b \u043d\u0435\u0440\u0430\u0434\u0438\u0432\u044b\u0445 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 \u0438 \u0411\u0410\u041d\u0418\u041b \u0418\u0425 \u041f\u041e\u041a\u0410 \u041d\u0415 \u041f\u0420\u041e\u041f\u0410\u0422\u0427\u0410\u0422 \u0421\u0412\u041e\u0418 \u0410\u041f\u041f\u042b. \u0418\u0437\u0432\u0438\u043d\u0438\u0442\u0435, \u043f\u043e\u0436\u0430\u043b\u0443\u0439\u0441\u0442\u0430, \u0437\u0430 \u043a\u0430\u043f\u0441\u043b\u043e\u043a. \u041d\u0430\u0431\u043e\u043b\u0435\u043b\u043e \u0431\u043e\u043b\u0435\u0442\u044c \u0437\u0430 \u043f\u0440\u0438\u0437\u0440\u0430\u0447\u043d\u043e\u0441\u0442\u044c \u0431\u043b\u0430\u0433\u043e\u043f\u043e\u043b\u0443\u0447\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0410 \u0434\u043b\u044f \u043f\u043e\u0441\u0442\u0441\u043a\u0440\u0438\u043f\u0442\u0443\u043c\u0430 \u0434\u0430\u0432\u0430\u0439\u0442\u0435 \u0432\u043c\u0435\u0441\u0442\u0435 \u043e\u0441\u0443\u0434\u0438\u043c \u0430\u0432\u0442\u043e\u0440\u0430 Zero Day, \u0445\u0430\u0439\u043f\u0430\u043d\u0443\u0432\u0448\u0435\u043c \u043d\u0430 \u044d\u0442\u043e\u0439 \u043d\u043e\u0432\u043e\u0441\u0442\u0438 \u0441\u043e\u0432\u0435\u0440\u0448\u0435\u043d\u043d\u043e \u043d\u0435 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u043c \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u043e\u043c 8% \u0432\u0441\u0435\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 Google Play \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u043f\u0435\u0440\u0435\u0434 \u0441\u0442\u0430\u0440\u044b\u043c \u0431\u0430\u0433\u043e\u043c. \u041f\u0438\u0441\u0443\u0447\u0435\u0441\u0442\u044c \u0442\u043e\u0432\u0430\u0440\u0438\u0449\u0430 \u0427\u0438\u043c\u043f\u0430\u043d\u0443 \u0438\u043d\u043e\u0433\u0434\u0430 \u043f\u0435\u0440\u0435\u0432\u043e\u0434\u0438\u0442 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0432 \u043d\u0435\u043a\u0430\u0447\u0435\u0441\u0442\u0432\u043e.", "creation_timestamp": "2020-12-04T09:19:29.000000Z"}, {"uuid": "6ff5a50a-e9e7-45ca-91dd-dcc948726c13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-8913", "type": "seen", "source": "https://t.me/tomhunter/187", "content": "\u0422\u0443\u0442 \u043d\u0430 \u0434\u043d\u044f\u0445 \u043f\u043e\u044f\u0432\u0438\u043b\u0430\u0441\u044c \u043d\u043e\u0432\u043e\u0441\u0442\u044c \u043e\u0442 CheckPoint`\u0430, \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0441\u043b\u0435\u0434\u0443\u0435\u0442, \u0447\u0442\u043e \u0440\u044f\u0434 \u0448\u0438\u0440\u043e\u043a\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0434\u043b\u044f Android \u0434\u043e \u0441\u0430\u043c\u043e\u0433\u043e \u043d\u0435\u0434\u0430\u0432\u043d\u0435\u0433\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u043b, \u0430 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438 \u0434\u043e \u0441\u0438\u0445 \u043f\u043e\u0440 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0442 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u0443\u044e \u0443\u0433\u0440\u043e\u0437\u0443 \u0434\u043b\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0428\u0442\u0443\u043a\u0430 \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u0435\u0449\u0451 \u0432 \u043c\u0430\u0440\u0442\u0435 2020 \u0433\u043e\u0434\u0430 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Google \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u0441\u0432\u043e\u0438\u0445 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a Play Core. \u042d\u0442\u0430 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f, \u0432 \u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438, \u0434\u043b\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0438\u0437 Google Play.\n\n\u0414\u043b\u044f \u043f\u043e\u043d\u0438\u043c\u0430\u043d\u0438\u044f \u043f\u0440\u0438\u043d\u0446\u0438\u043f\u0430 \u0440\u0430\u0431\u043e\u0442\u044b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2020-8913, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 8,8 \u0431\u0430\u043b\u043b\u0430 \u0438\u0437 10 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 \u0441\u0443\u0440\u043e\u0432\u043e\u0441\u0442\u0438, \u043d\u0443\u0436\u043d\u043e \u043a\u0440\u0430\u0442\u043a\u043e \u043f\u043e\u044f\u0441\u043d\u0438\u0442\u044c \u0437\u0430 \u0442\u043e, \u043a\u0430\u043a Android \u0444\u0438\u043b\u044c\u0442\u0440\u0443\u0435\u0442 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f. \u0414\u0435\u043b\u043e \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u0434\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043e\u043a, \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u043c\u044b\u0445 \u0441 Google Play, \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u0430\u044f \u043f\u0430\u043f\u043a\u0430 \u201cverified\u201d, \u043a\u0443\u0434\u0430, \u043a\u0430\u043a \u0432\u0438\u0434\u043d\u043e \u0438\u0437 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u044f, \u043b\u043e\u0436\u0430\u0442\u0441\u044f \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u0430 \u0441\u0447\u0438\u0442\u0430\u0435\u0442 \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u044b\u043c\u0438 \u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u043c\u0438 \u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043e\u0432. \u0422\u0430\u043a\u0438\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u043c\u043e\u0433\u0443\u0442 \u0441\u043c\u0435\u043b\u043e \u043e\u0431\u0440\u0430\u0449\u0430\u0442\u044c\u0441\u044f \u0432 Google Play \u0438 \u043f\u043e\u0434\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f. \u0414\u043b\u044f \u0444\u0430\u0439\u043b\u043e\u0432 \u0438\u0437 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0445 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0435\u0432 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043f\u0430\u043f\u043a\u0430 \u201cnon-verified\u201d - \u0441\u0432\u043e\u0435\u043e\u0431\u0440\u0430\u0437\u043d\u043e\u0435 \u0447\u0438\u0441\u0442\u0438\u043b\u0438\u0449\u0435, \u0433\u0434\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u043e\u0441\u0442\u0430\u044e\u0442\u0441\u044f \u0436\u0434\u0430\u0442\u044c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u0440\u043e\u0435\u0442\u0441\u044f \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u043f\u0440\u044f\u043c\u043e\u0435 \u0443\u043a\u0430\u0437\u0430\u043d\u0438\u0435 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0438 (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, ../verified_splits/my_evil_payload.apk) \u043f\u0440\u0438 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0435, \u0441\u043a\u0430\u0436\u0435\u043c, \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0436\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f, \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442 \u043e\u0431\u043e\u0439\u0442\u0438 \u043f\u0430\u043f\u043a\u0443 \u0434\u043b\u044f \u043d\u0435\u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 \u0438 \u0437\u0430\u043f\u0438\u0445\u043d\u0443\u0442\u044c \u0437\u043b\u043e\u0432\u0440\u0435\u0434 \u043f\u0440\u044f\u043c\u043e \u0432\u043d\u0443\u0442\u0440\u044c \u0440\u0430\u043d\u0435\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u043e\u0439 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b.\n\n\u0412 Google \u0441\u043c\u043e\u0433\u043b\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c. \u041d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0445 \u0432\u0435\u043d\u0434\u043e\u0440\u043e\u0432 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0441\u0430\u043c\u043e\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u043d\u0435 \u043c\u043e\u0433\u043b\u0430 \u0438 \u043e\u0431\u0440\u0430\u0442\u0438\u043b\u0430\u0441\u044c \u0441 \u044d\u0442\u043e\u0439 \u043f\u0440\u043e\u0441\u044c\u0431\u043e\u0439 \u043a \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u043c, \u0441\u0440\u0435\u0434\u0438 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0431\u044b\u043b\u0438: Facebook, Instagram, WhatsApp, SnapChat, Booking \u0438 Edge.\n\n\u041c\u043d\u043e\u0433\u0438\u0435 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u043e\u0442\u043e\u0437\u0432\u0430\u043b\u0438\u0441\u044c \u0441\u0440\u0430\u0437\u0443 \u0438 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f. \u041d\u043e, \u0432\u043e\u0442 \u0443\u0436\u0435 \u043f\u0440\u043e\u0448\u043b\u043e \u0431\u043e\u043b\u044c\u0448\u0435 \u043f\u043e\u043b\u043e\u0432\u0438\u043d\u044b \u0433\u043e\u0434\u0430, \u0430 \u0441\u0443\u0434\u044f \u043f\u043e \u043e\u0442\u0447\u0451\u0442\u0443 CheckPoint, \u0431\u0440\u0430\u0443\u0437\u0435\u0440 \u043e\u0442 Microsoft \u043f\u043e\u0434 Android \u0434\u043e \u0441\u0438\u0445 \u043f\u043e\u0440 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 \u0434\u0430\u043d\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c.\n\n\u041a \u0441\u043b\u043e\u0432\u0443, \u0432 \u0434\u043e\u043a\u043b\u0430\u0434\u0435 \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442\u0441\u044f \u043b\u044e\u0431\u043e\u043f\u044b\u0442\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0441 \u043f\u043e\u043c\u0435\u0442\u043a\u0430\u043c\u0438, \u043a\u0442\u043e \u0438 \u043a\u043e\u0433\u0434\u0430 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f. \u041e\u0442\u0442\u0443\u0434\u0430 \u0432\u0438\u0434\u043d\u043e, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u0447\u0442\u043e Booking \u0438 Viber \u043f\u043e\u0434\u043e\u0448\u043b\u0438 \u043a \u0432\u043e\u043f\u0440\u043e\u0441\u0443 \u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u0435\u0435 \u0432\u0441\u0435\u0445.", "creation_timestamp": "2020-12-06T19:56:44.000000Z"}, {"uuid": "c85abd6f-6fd5-41bf-a6fe-1ed05ccf740f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-8913", "type": "seen", "source": "https://t.me/cibsecurity/17070", "content": "\u274c Google Play Apps Remain Vulnerable to High-Severity Flaw \u274c\n\nPatches for a flaw (CVE-2020-8913) in the Google Play Core Library have not been implemented by several popular Google Play apps, including Cisco Teams and Edge.\n\n\ud83d\udcd6 Read\n\nvia \"Threat Post\".", "creation_timestamp": "2020-12-03T12:26:48.000000Z"}, {"uuid": "e486060b-18ca-47d2-8f0f-0da0cfaf8d36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-8913", "type": "published-proof-of-concept", "source": "https://t.me/androidMalware/982", "content": "Persistent arbitrary code execution in Android's Google Play Core Library: details, explanation and the PoC - CVE-2020-8913\nhttps://blog.oversecured.com/Oversecured-automatically-discovers-persistent-code-execution-in-the-Google-Play-Core-Library/", "creation_timestamp": "2020-09-18T05:45:32.000000Z"}, {"uuid": "466d4d75-7250-4635-bb2f-cfca6fa43329", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-8913", "type": "seen", "source": "Telegram/Pqw0u9P8CHjWsNdHzXOACcCyEtt9gHD8gH0Pf7OTw085V8w", "content": "", "creation_timestamp": "2020-12-09T14:55:53.000000Z"}, {"uuid": "345c4cb2-cb64-4ebd-a4a5-29598b0c5b2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-8913", "type": "seen", "source": "Telegram/k07lDqkGtJcaR11FtIiA2hIEpnjbT2YIB5c6sIfvRWHOww", "content": "", "creation_timestamp": "2020-12-09T14:55:53.000000Z"}, {"uuid": "6343e291-ba55-4a72-87bd-cd1d1f451031", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-8913", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2228", "content": "CVE-2020-8913:\nPersistent code execution in Google Play Core Library (PoC)\nhttps://blog.oversecured.com/Oversecured-automatically-discovers-persistent-code-execution-in-the-Google-Play-Core-Library\n]-&gt; Vulnerability in Google Play Core Library Remains Unpatched in Google Play Applications...\nhttps://research.checkpoint.com/2020/vulnerability-in-google-play-core-library-remains-unpatched-in-google-play-applications", "creation_timestamp": "2020-12-05T18:36:29.000000Z"}]}