Updates on SourMint: Android and iOS Remote Code Execution

#securityupdates #sourmint #securityresearch #vulndb

Danny Grander Oct 15, 2020 ・1 min read

In August the Snyk Security Research team uncovered malicious behavior in a popular Advertising SDK - Mintegral - used by over 1,200 apps in the AppStore (constituting 300 Million downloads per month), based on industry expert estimates.

After further research, today the team updates on malicious activity in the Android SDK, as well as remote execution capabilities in iOS.

To learn more on the recent discoveries read:

The blog post: SourMint: iOS remote code execution, Android findings, and community response
The research page: SourMint Malicious SDK Research write up

Feel free to ask us about this vulnerability - we'll be happy to provide our input.

Discussion

[Podcast] Barcoding podcast - Episode 13: Security

🧑🏼‍💻 Brian Vermeer - Dec 4 '20

[Security Disclosures] Weekly Roundup (Nov 20 - 25)

SnykCommunity - Dec 3 '20

[Announcements] Recent Product Updates - Bug Fixes, Security Policies, and Dockerfile Updates

Sharone Zitzman - Dec 3 '20

[Discuss] DevSecOps tools for open source projects in JavaScript and Node.js

Liran Tal - Dec 2 '20

Snyk Community

Snyk Community is a community of amazing users

Updates on SourMint: Android and iOS Remote Code Execution

Discussion

Read next

[Podcast] Barcoding podcast - Episode 13: Security

[Security Disclosures] Weekly Roundup (Nov 20 - 25)

[Announcements] Recent Product Updates - Bug Fixes, Security Policies, and Dockerfile Updates

[Discuss] DevSecOps tools for open source projects in JavaScript and Node.js

Snyk Community is a community of amazing users

Read next

[Podcast] Barcoding podcast - Episode 13: Security

[Security Disclosures] Weekly Roundup (Nov 20 - 25)

[Announcements] Recent Product Updates - Bug Fixes, Security Policies, and Dockerfile Updates

[Discuss] DevSecOps tools for open source projects in JavaScript and Node.js

Log in to continue