Some of the most popular Android applications installed on your phone may be vulnerable to a new type of attack named “Man-in-the-Disk”” that can grant a third-party app the ability to crash them and/or run malicious code. Researchers say they were able to create a malicious app that appeared as a benign flashlight app that asked for the permission to store data on a device’s External Storage space and used this permission to attack other apps. Google and Yandex apps are vulnerable to the two versions of MitD attacks
Source: security