Check Point researchers selected three critical arbitrary code execution vulnerabilities that were found in widely used third-party libraries in 2014, 2015 and 2016. The company explained that mobile apps often rely on proprietary libraries derived from open source projects, or use open source code fragments. If a vulnerability is found in one of these open source projects, its developers can fix it, but there is no way to ensure that the fix also reaches other software that uses their code.

In June 2019, Check Point scanned Android apps on Google Play to see whether they used vulnerable libraries. One of the vulnerabilities it checked for is CVE-2014-8962, a buffer overflow in the libFLAC audio codec that can be used for arbitrary code execution or denial-of-service (DoS) attacks by getting a targeted user to open a specially crafted FLAC audio file with an application that contains the vulnerable libFLAC version. Check Point's analysis revealed that the LiveXLive music streaming app, the Moto Voice command app for Motorola phones and various Yahoo applications still carry CVE-2014-8962. All of these apps have been downloaded from Google Play millions or tens of millions of times.

Check Point also examined CVE-2015-8271, a vulnerability that affects the RTMPDump toolkit for RTMP streams and can be used for arbitrary code execution. The vulnerability was found in libraries used by the Twitter, Facebook Messenger, SHAREit, Mobile Legends: Bang Bang, Smule, JOOX Music and WeChat apps. The first three apps have over one billion Google Play downloads, while the rest have over 100 million downloads.
Finally, the researchers scanned Google Play apps for CVE-2016-3062, which affects the Libav library and enables remote code execution and DoS attacks through specially crafted media files. A library containing this vulnerability was found in the AliExpress, Video MP3 Converter, Lazada, VivaVideo, Smule, JOOX Music, Retrica and TuneIn apps, which have over 100 million Google Play downloads. Overall, the three vulnerabilities affect hundreds of popular Android applications.

“Just three vulnerabilities, from over two years ago, make hundreds of apps vulnerable to remote code execution. Can you imagine how many popular apps an attacker could target while searching Google Play for a hundred known vulnerabilities?” Slava Makkaveev, the Check Point researcher who carried out the analysis, wrote in a blog post.

Makkaveev added, “Keeping track of all security updates in an extensive mobile app's external components is a tedious task, and it is no surprise that few maintainers are willing to make the effort. Mobile app stores and security researchers proactively scan apps for malware patterns but pay less attention to well-known critical vulnerabilities. Unfortunately, this means that the end user cannot do much to keep his mobile device completely safe.”