SOLVED

Edge (Android) vulnerability CVE-2020-8913


There have been several articles based on Check Point's blog post yesterday about this, claiming that Edge (i.a.) is still vulnerable. Has the Android app not yet been patched to combat this?

 

 Widespread android applications still exposed to vulnerability on google play core library - Check P... 

Android apps with 200 million installs vulnerable to security bug (bleepingcomputer.com) 

 

@ericlaw @MissyQ @Deleted 

5 Replies

@Noel Burgess 

The Microsoft Edge team would be able to respond to this issue.

However, as has been shown in the demo, there is a need to install a malicious application to perform this action, and by default Android will block running apps from untrusted sources, and I always recommend that Android users use an anti-malware product (there are plenty of free apps on Google Play).

@Noel Burgess We appreciate you reaching out with this concern, as we take security seriously. We’re aware of reports and are looking into them.

 

Fawkes (they/them)
Program Manager & Community Manager - Microsoft Edge

Has the Android app not yet been patched to combat this?

@Deleted  I'll take that as a 'No', then ;)

Or it would only mean "I don't know, I will report it anyway to be sure they know" ^^.
best response confirmed by Noel Burgess (Frequent Contributor)

To wrap this up, here is the response from the Edge team on 10 December:

This has been addressed in the latest version of Microsoft Edge on Android. We encourage you to update the app from the Google Play Store and ensure you are on version 45.11.2.5116.