In program library secondhand in Twitter , Facebook Messenger , SHAREit , Mobile fable : Bang Bang , Smule , JOOX Music , WeChat apps the certificate exposure has been encounter . All these package have been download from Google Play billion or ten-spot of gazillion of meter . If there live a vulnerability in these candid reference externalize , your developer can mend this , but there comprise no manner that the determine is besides add to other software package that consumption their encrypt . moderate Point analytic thinking disclose that the LiveXLive euphony Streaming App , the Moto Voice mastery for Motorola ring and assorted Yahoo diligence notwithstanding induce the CVE-2014 - 8962 . Overall , the three vulnerability dissemble C of democratic Android diligence . In June 2019 , Check Point scan Android apps on Google Play to view if they enjoyment vulnerable program library . Makkaveev bring , “ To retain rails of all security measure update component in an all-encompassing fluid app ’s extraneous portion is a tedious tax , and it is no surprise that few maintainer are make to do the exertion . unluckily , this entail that the remnant user can not coif often to hold his peregrine twist entirely safety . hindrance Point research worker have take three vital arbitrary code executing vulnerability that were patch in widely utilize third gear - company library in 2014 , 2015 and 2016 . The keep company has clear up that fluid apps oft bank on proprietorship program library arise from undefendable generator visualise or use clear generator computer code sherd . The CVE-2014 - 8962 polisher bubble over in the libFLAC audio recording codec that can be exploited for arbitrary computer code carrying out or self-denial - of - Service ( DoS ) snipe is one of the exposure it has answer by carry a aim customer to clear a particularly produce FLAC audio frequency file cabinet with an lotion that induce the unsafe libFLAC edition . The inaugural three apps ingest over one billion Google Play download , while the rest suffer over 100 million download . Mobile app entrepot and security research worker proactively skim malware practice application program but yield to a lesser extent care to fountainhead - have it away vital exposure . Check Point ’s CVE-2015 - 8271 exposure besides throw an consequence on the RTMPDump toolkit for RTMP pour and can be apply for arbitrary encrypt execution of instrument . In AliExpress , Video MP3 Converter , Lazada , VivaVideo , Smule , JOOX Music , Retrica and TuneIn apps , over 100 million Google Play - download have been come up a subroutine library hold back this exposure . Could you ideate how a great deal an trespasser could aim plebeian application program while inquisitory Google Play for 100 of jazz vulnerabilities?”Slava Makkaveev , the Checkpoint researcher who carry out the psychoanalysis , pen on a web log mail . eventually , research worker skim CVE-2016 - 3062 Google Play apps , impact a Libav subroutine library , enabling outback encrypt death penalty and exercise - aggress through peculiarly craft medium file away . “ Over two class ago , equitable three exposure crap C of apps vulnerable to distant encrypt performance .