Discovered a vulnerability in the fortnite installer for android

Google has discovered a vulnerability in the Fortnite installer. On August 15, the company reported this ruling to Epic Games. Due to this security flaw in the installer, malware could be downloaded on Android phones. It was possible to replace the game content pack with other content, including malicious applications. Epic Games reacted quickly.

A Fortnite installer vulnerability used to download malware on Android

Since a couple of days later, on August 17, the company announced that the failure had already been definitively resolved. Completely ending the threat.

Fortnite security issue

The vulnerability Google found could be exploited on Samsung Galaxy phones that can download Fortnite APK. It is a Man-in-the-disk exploit, thanks to which it is possible to control the processes that occur in the internal storage of the device in question. In addition to having read permissions. Downloading the game from the store on Samsung phones caused all permissions to be given automatically.

The game was installed in the external storage of the device. Upon completion of the download, Fortnite was replaced by a malicious package. And having all the permissions, the user was not aware of everything that was being downloaded to the device. Epic Games has already solved this problem, so that the game is downloaded directly to internal storage.

For now, the number of users on Android who have been affected by the problem is unknown. It happened in the first week that the Epic Games game was available for download, so the number could be high.

The Hacker News Font