Baidu's multiple apps have vulnerabilities, Wuyun claims it can remotely control Android devices

On October 28, the Wuyun vulnerability platform revealed that many apps under Baidu have the WormHole vulnerability. As long as the Android phone is connected to the Internet, it is at risk of being installed with apps and remotely controlled regardless of whether it is rooted or not. At present, Baidu has confirmed the vulnerability and said in its reply that "this vulnerability is known and mo + sdk has been fixed."

It is understood that the WormHole vulnerability affects many Android apps with over 100 million users. Currently, the affected apps include Baidu Maps, Baidu Browser, Baidu Tieba, Baidu Translate, Baidu Video, Baidu Mobile Assistant, Baidu Cloud, Baidu Music, Baidu News, Baidu Photos, Baidu Input Method, etc. In addition, there are many other apps such as Pocket Finance and Mengmeng Chat.

If the phone has the WormHole vulnerability, it can be attacked as long as it is connected to the Internet, whether it is a wifi wireless network or a 3G/4G cellular network. The attacker does not need to touch the phone in advance, and does not need to use DNS spoofing. This vulnerability is only related to the app and is not affected by the system version. The attacker can achieve the purpose of remote silent installation of applications, remote startup of any application, remote acquisition of the user's GPS location information/obtaining imei information/installation of application information, etc.

Professionals say that users who have installed the above-mentioned affected applications should upgrade the applications to the latest version as soon as possible. If the latest version does not fix the vulnerability, users should delete the affected applications as soon as possible.