Google identified a critical vulnerability in the installer Fortnite
- AIn order not to pay a part of the profits, Epic Games sold the Android version of the game not through Google Play, but with the help of a specially created installer. As it turned out, in a hurry the developers of the popular shooter did not fully take care of the security of users - the Fortnite firmware installer had a critical vulnerability, which Google found.
Google analysts noticed that due to a flaw in the firmware installer, players can download a fake APK file, since the game installer only checks files by name. Therefore, any file that has the required name can be easily downloaded. In addition, if you change the version in the fake installation file to 22 or less, then the application will get all possible permissions at all.
Note that the game developer listened to Google's advice and instantly updated the bootloader.
Google analysts noticed that due to a flaw in the firmware installer, players can download a fake APK file, since the game installer only checks files by name. Therefore, any file that has the required name can be easily downloaded. In addition, if you change the version in the fake installation file to 22 or less, then the application will get all possible permissions at all.
Note that the game developer listened to Google's advice and instantly updated the bootloader.