The China National Vulnerability Database of Information Security (CNNVD) has recently been informed by Team PanGu, a China-based group consisting of security researchers who focus on mobile security research about a computer vulnerability called “WormBrowser”.
According to Team PanGu, the vulnerability exists on the Android version of Tencent’s QQ Browser and QQ Hotspot applications. The two applications would open local ports in order to allow for file to be transferred whenever they are launched. In such case, the vulnerability could allow attackers to attack other users under the same LAN remotely, and then force the installation of certain applications and perform specific instructions.
In response to Team PanGu’s report, Tencent’s Contingency Response Centre wrote in a public statement that, “QQ Browser Team has completed the repair of the vulnerability and replaced all the relevant online product. Users would not be affected by the vulnerability any more and so far we have nor found any browser users being affected because of the vulnerability.”
QQ Browser is a product managed by Tencent, one of China’s and the world’s largest Internet companies. Tencent’s QQ Group also manages numerous other software applications, such as the Qzone social network, QQ Mail, QQ Music, QQ Pinyin input method, QQ Computer Management, QQ Dictionary, and Tencent Video.