Microsoft security researchers have found high severity vulnerabilities in a framework used by Android apps from multiple large international mobile service providers.
The researchers found these vulnerabilities (tracked as CVE-2021–42598, CVE-2021–42599, CVE-2021–42600, and CVE-2021–42601) in a mobile framework owned by mce Systems exposing users to command injection and privilege escalation attacks.
The vulnerable apps have millions of downloads on Google’s Play Store and come pre-installed as system applications on devices bought from affected telecommunications operators, including AT&T, TELUS, Rogers Communications, Bell Canada, and Freedom Mobile.
The ability to talk, on any wave, freely.