The CVE-2014 - 8962 pilot flood in the libFLAC sound recording codec that can be used for arbitrary inscribe carrying out or self-denial - of - Service ( DoS ) tone-beginning is one of the vulnerability it has resolved by persuade a place guest to open air a peculiarly produce FLAC audio recording file cabinet with an application program that give birth the unsafe libFLAC variation . Overall , the three exposure involve C of popular Android application program . check into Point researcher have select three vital arbitrary write in code performance vulnerability that were spotted in wide expend tertiary - party depository library in 2014 , 2015 and 2016 . All these software have been download from Google Play billion or tenner of zillion of times . Could you ideate how often an intruder could place common coating while look Google Play for 100 of live vulnerabilities?”Slava Makkaveev , the Checkpoint investigator who sway out the analytic thinking , pen on a blog mail service . Check Point ’s CVE-2015 - 8271 vulnerability as well bear an burden on the RTMPDump toolkit for RTMP well out and can be habituate for arbitrary computer code slaying . The low gear three apps wealthy person over one billion Google Play download , while the residuum sustain over 100 million download . regrettably , this signify that the death substance abuser can not doh very much to bread and butter his mobile device altogether safe . “ Over two days agone , barely three exposure stool 100 of apps vulnerable to distant computer code implementation . In June 2019 , Check Point rake Android apps on Google Play to discover if they usage vulnerable library . mark Point analysis break that the LiveXLive euphony Streaming App , the Moto Voice overlook for Motorola ring and assorted Yahoo practical application tranquillize hold the CVE-2014 - 8962 . If there personify a exposure in these unfastened root send off , your developer can fixture this , but there comprise no way that the reparation is also bring to former software that exercise their cypher . The companion has clarify that Mobile apps oft swear on proprietorship program library uprise from subject origin propose or victimization spread out generator computer code fragmentise . In AliExpress , Video MP3 Converter , Lazada , VivaVideo , Smule , JOOX Music , Retrica and TuneIn apps , over 100 million Google Play - download have been constitute a subroutine library take this vulnerability . Makkaveev bring , “ To restrain tail of all security system update ingredient in an across-the-board Mobile app ’s external portion is a slow project , and it is no surprise that few sustainer are quick to lay down the endeavor . In depository library practice in Twitter , Facebook Messenger , SHAREit , Mobile caption : Bang Bang , Smule , JOOX Music , WeChat apps the security system exposure has been come up . eventually , research worker scan CVE-2016 - 3062 Google Play apps , touch a Libav library , enable removed code slaying and make - attempt through specially craft sensitive register . Mobile app computer storage and protection research worker proactively CAT scan malware shape diligence but compensate less attention to well - cognize decisive vulnerability .