"KYOCERA Android App With 1M Installs Can Be Abused to Drop Malware"

A KYOCERA Android printing app has been found to be vulnerable to improper intent handling, which enables malicious apps to exploit the vulnerability to download and potentially install malware on affected devices. According to a security advisory published by JVN, a state-supported portal dedicated to promoting security awareness, the flaw, tracked as CVE-2023-25954, affects KYOCERA Mobile Print, UTAX/TA Mobile Print, and Olivetti Mobile Print. Although the apps have different publishers, they are all based on the same code, so the flaw affects all three. The application class of KYOCERA Mobile Print allows data transmission from malicious third-party mobile apps, which could result in the download of malicious files. Furthermore, by using the KYOCERA Mobile Print web browser function, malicious sites can be accessed, and malicious files can be downloaded and executed, leading to the theft of sensitive information on mobile devices. This article continues to discuss the potential exploitation of CVE-2023-25954 impacting KYOCERA Mobile Print, UTAX/TA Mobile Print, and Olivetti Mobile Print apps. 

Bleeping Computer reports "KYOCERA Android App With 1M Installs Can Be Abused to Drop Malware"