Microsoft reveals critical security flaw affecting Android apps

Share post:

Microsoft has identified a serious vulnerability in Android apps that could allow malicious software to hijack legitimate apps and steal valuable user information. This flaw, named “Dirty Stream,” affects many popular apps with billions of combined downloads.

The “Dirty Stream” flaw takes advantage of Android’s content provider system, which is designed for secure data sharing between apps. However, incorrect implementation of the system can lead to exploitation, as attackers use “custom intents” to access sensitive areas of an app. For example, vulnerable apps might not properly validate file paths, allowing malicious code to be inserted.

Attackers exploiting the flaw could overwrite critical files in an app’s private storage, potentially gaining control over the app’s behaviour, accessing sensitive data, or intercepting login information. The flaw has been identified in popular apps like Xiaomi’s File Manager and WPS Office, affecting billions of installations.

Microsoft has notified developers of vulnerable apps, working with them to deploy fixes. Google has updated its app security guidelines to prevent similar vulnerabilities in the future.

Android users should stay vigilant with app updates and download apps only from official sources like the Google Play Store to minimize the risk of malicious apps.

 

SUBSCRIBE NOW

Related articles

AT&T Fined $13 Million for Supply Chain Data Breach

AT&T has agreed to pay a $13 million fine following a significant data breach that exposed information of...

Supply Chain Attack Weaponizes Communication Devices in Lebanon

A sophisticated supply chain attack has turned everyday communication devices into weapons in Lebanon, marking a new era...

Chinese Botnet “Raptor Train” Infects 260,000 Devices Worldwide

A massive Chinese botnet dubbed "Raptor Train" has been disrupted by the FBI and cybersecurity researchers. This sophisticated...

If you can read this – we’re back!!!

We've been off line with our newsletters for some time now as we restarted TechNewsDay under new ownership! We...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways