The flaws are disclosed as Oracle reportedly partners with TikTok as concerns in the U.S. over spying continue.
The group has added a management console and a USB worming function to its main malware, Crimson RAT.
The vulnerability allows attackers to bypass Content Security Policy (CSP) protections and steal data from website visitors.
The flaw was recently patched in Android’s February Security Bulletin.
It’s important for businesses of all sizes to not only view their suppliers’ attack surface as their own but also extend some of their security protections.