Chinese App Uses Android Flaw To Spy On Users, CISA Warns

The Chinese app for e-commerce Pinduoduo is suspected of having used a high-severity Android vulnerability as a zero-day to spy on its users, in line with the U.S. Cybersecurity and Infrastructure Security Agency (CISA). For unpatched Android devices, this security hole in the Android Framework (identified as CVE-2023-20963) enables attackers to increase their privileges without […]

agency android android devices android framework android vulnerability app attackers chinese cisa commerce cve cybersecurity devices e-commerce flaw framework grc high identity and access management (iam) infrastructure infrastructure security malware and vulnerabilities news & analysis pinduoduo privileges security severity spy strategy and planning unpatched vulnerability zero-day