news

한어Русский языкEnglishFrançaisIndonesianSanskrit日本語DeutschPortuguêsΕλληνικάespañolItalianoSuomalainenLatina

IT Home reported on August 16 that the technology blog iVerify published a blog post yesterday (August 15),Report that there is a security vulnerability in Google Pixel series phones. If exploited by attackers, they can remotely execute code, install malware, etc.

Vulnerability Overview

The vulnerability is caused by a third-party Android package called Showcase.apk, which was developed by Smith Micro to help Verizon put phones in stores into retail demonstration mode.

IT Home quoted the media as reporting that the application can not only remotely execute code and install software, but also download configuration files through unencrypted HTTP network connections, which means that hackers can exploit the vulnerability to hijack Pixel devices.

Verizon no longer uses Showcase, but the APK is still included in the Android version of the Google Pixel smartphone.

Impact

Google has pre-installed this application in several previous Pixel phones, but the latest Pixel 9 series phones have removed the app, so it is not affected.

repair

Google disclosed the vulnerability in May this year and it has not been fixed yet, but Google said it plans to remove the app through an update.

iVerify believes that the Showcase app may also be embedded in other Android devices. Google said that as a precaution, the company is notifying other Android manufacturers.