Android Printing App

A critical security issue has been discovered by the Japanese Vulnerability Notes (JVN) with the Kyocera Android printing app. 

The security flaw has been tracked as CVE-2023-25954. Specifically, the app is at risk of improper intent handling, which could enable malicious applications to exploit the flaw. 

EHA

This would allow it to download harmful malware onto devices, posing a significant threat to users.

In light of the aforementioned security issue, KYOCERA has taken swift action and released a security bulletin to inform users of the potential vulnerability. 

Products Affected

Here below, we have mentioned the products that are affected:-

  • Android app “KYOCERA Mobile Print”, v3.2.0.230119, and earlier, it has 1 million downloads on Google Play.
  • Android app “UTAX/TA MobilePrint”, v3.2.0.230119, and earlier, it has 100k downloads on Google Play.
  • ​Android app “Olivetti Mobile Print”, v3.2.0.230119, and earlier, it has 10k downloads on Google Play.

Despite being published by different publishers, it has been discovered that all these three apps share the same source code.

This means the vulnerability impacts all three apps, regardless of their respective publishers. The bulletin urges all users of the affected printing app to upgrade to the latest version, 3.2.0.230227, which is readily available for download on Google Play.

For the successful execution of the attack, the user would also need to install a separate and malicious application on their device. 

Here the secondary malicious app would be used to trigger the payload download, which will enable the vulnerability to be exploited. Besides this, a malicious app could be easily distributed that exploits this vulnerability. 

Since it wouldn’t require any risky code to be included in it, or upon installation, it wouldn’t have to ask for suspicious permissions.

However, Android 14 is expected to have enhanced security for intent handling. As a result, it will reduce the associated risks and make it more difficult to hide the true nature of data exchanges.

Why do Organizations need Unified endpoint management – 

Related Read:

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.