According to a study by Check Point Research, the latest versions Facebook, Instagram, and WeChat hosted on Google Play may contain known security vulnerabilities that could leave users exposed to attacks. Check Point claims that it did a cross-examination of the latest versions of such high-profile mobile applications for three known remote control execution (RCE) vulnerabilities dating from 2014, 2015 and 2016. The security software firm said that it found vulnerable code, which was claimed to be patched, present in the latest versions of the applications.
The research proves that threat actors can still execute code on the latest versions of mobile applications on Play Store; despite the updates those mobile apps have pushed to people. Threat actors can theoretically steal and alter posts on Facebook, extract location data from Instagram and read SMS messages in WeChat. The company had informed Google of the vulnerabilities.