In August the Snyk Security Research team uncovered malicious behavior in a popular Advertising SDK - Mintegral - used by over 1,200 apps in the AppStore (constituting 300 Million downloads per month), based on industry expert estimates.
After further research, today the team updates on malicious activity in the Android SDK, as well as remote execution capabilities in iOS.
To learn more on the recent discoveries read:
- The blog post: SourMint: iOS remote code execution, Android findings, and community response
- The research page: SourMint Malicious SDK Research write up
Feel free to ask us about this vulnerability - we'll be happy to provide our input.