According to an advisory released Friday by the Microsoft 365 Defender Research Team, a total of four documented vulnerabilities were found – and fixed – in a mobile framework owned by mce Systems, an Israeli company that provides software to mobile carriers.

“Coupled with the extensive system privileges that pre-installed apps have, these vulnerabilities could have been attack vectors for attackers to access system configuration and sensitive information,” Redmond warned.

As it is with many of pre-installed or default applications that ship on Android devices, Microsoft’s bug hunters warned that some of the affected apps cannot be fully uninstalled or disabled without gaining root access to the device.