Malicious code impacting more than a billion smartphone owners is currently in the wild and enabling remote code execution, according to security firm Snyk.io. Remote code execution is a very serious security violation, and basically enables the owner of that code do almost anything they want on your phone.
“We were able to build a proof of concept that showed how the backdoor makes it possible for Mintegral to invoke any function and execute arbitrary code via the SDK,” the company says. “This is a significant compromise of device security model and users’ privacy and stands in direct violation of Apple’s policy.”