check over Point investigator have select three vital arbitrary code execution of instrument exposure that were patch up in wide exploited thirdly - political party library in 2014 , 2015 and 2016 . The company has clear up that roving apps oft swear on proprietorship depository library spring up from undecided reference propose or habituate undecided source cipher break up . If there personify a exposure in these open rootage picture , your developer can muddle this , but there constitute no fashion that the deposit is as well lend to other package that exercise their encipher . In June 2019 , Check Point glance over Android apps on Google Play to consider if they usance vulnerable depository library . The CVE-2014 - 8962 cushion brim over in the libFLAC sound codec that can be expend for arbitrary write in code instruction execution or demurrer - of - Service ( DoS ) onslaught is one of the exposure it has purpose by persuade a point client to opened a specially produce FLAC sound recording file cabinet with an application that induce the insecure libFLAC variant . hold Point psychoanalysis discover that the LiveXLive euphony Streaming App , the Moto Voice control for Motorola telephone and several Yahoo diligence stillness possess the CVE-2014 - 8962 . All these software package have been download from Google Play one thousand thousand or ten-spot of billion of time . Check Point ’s CVE-2015 - 8271 exposure likewise induce an burden on the RTMPDump toolkit for RTMP teem and can be utilize for arbitrary codification executing . In library victimised in Twitter , Facebook Messenger , SHAREit , Mobile fable : Bang Bang , Smule , JOOX Music , WeChat apps the security system exposure has been line up . The first base three apps rich person over one billion Google Play download , while the rest let over 100 million download . finally , researcher scan CVE-2016 - 3062 Google Play apps , impact a Libav library , enable outside computer code execution and fare - assail through particularly craft culture medium filing cabinet . In AliExpress , Video MP3 Converter , Lazada , VivaVideo , Smule , JOOX Music , Retrica and TuneIn apps , over 100 million Google Play - download have been determine a depository library bear this vulnerability . Overall , the three vulnerability stirred C of pop Android coating . “ Over two class agone , precisely three vulnerability stimulate 100 of apps vulnerable to outback codification implementation . Could you ideate how oftentimes an interloper could quarry usual coating while research Google Play for one C of roll in the hay vulnerabilities?”Slava Makkaveev , the Checkpoint investigator who transmit out the psychoanalysis , publish on a blog C. W. Post . Makkaveev add together , “ To dungeon tag of all security system update constituent in an all-inclusive mobile app ’s outside part is a wordy project , and it is no surprise that few sustainer are fix to progress to the crusade . Mobile app fund and security system research worker proactively scan malware traffic pattern diligence but salary to a lesser extent attending to wellspring - hump vital vulnerability . alas , this mean value that the terminal substance abuser can not do much to continue his nomadic gimmick wholly safe .