A number of high-profile Android apps are still using an unpatched version of Google’s widely-used app update library. Grindr, Bumble, OkCupid, Moovit, Microsoft Edge, Xrecorder, and PowerDirector are still vulnerable. The bug, tracked as CVE-2020-8913, is rated 8.8 out of 10.0 for severity and impacts Android’s Play Core Library versions prior to 1.7.2.2. The flaw stems from a path traversal vulnerability in the library that could be exploited to load and execute malicious code.
Source: https://thehackernews.com/2020/12/several-unpatched-popular-android-apps.html