CERT-In: Microsoft Bing for Android plagued with arbitrary code execution vulnerability

By  | 

Computer Emergency Response Team-India (CERT-In) has warned all Android users of vulnerability in Microsoft Bing on their phones which may be exploited to run arbitrary code.

According to CERT-In, “A flaw has been reported in Microsoft Bing for Android which could trigger while handling DNS responses on an insecure network. An attacker could leverage this issue to execute arbitrary code within the context of the application.”

CERT-In warns that if the vulnerability is exploited successfully, attackers could install arbitrary APK files by utilising “vectors involving a crafted DNS response, leading to the compromise of the device and resulting in information disclosure.”

The advisory notes that Microsoft Bing for Android versions 4.2.0 and prior are affected and users should upgrade to latest versions to remain secure.

The vulnerability was been originally reported by Trustlook back in January and the company claims that the vulnerability can be exploited easily and the smartphone can be owned in just 10 seconds.

Find the video of How to pwn Android n 10 seconds below: