wordpress blog stats
Connect with us

Hi, what are you looking for?

Microsoft patches flaw in Outlook app for Android that could have led to spoofing attacks

A Microsoft building

Microsoft on Thursday released an updated version of Outlook for Android that patches an important security flaw in the email app, which could have potentially led to spoofing attacks, Hacker News reported. Outlook for Android has been downloaded more than 100 million times on the Play Store. According to an advisory from Microsoft, the vulnerability was related to how Outlook for Android parses specifically crafted email messages. Microsoft’s advisory said, “An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user. The security update addresses the vulnerability by correcting how Outlook for Android parses specially crafted email messages.” The company said the flaw was independently reported by five security researchers, and that it was not aware of any actual attacks related to this issue.

Other flaws found recently in Android apps

  • Last week, a security flaw in the ‘Shot on OnePlus’ app caused OnePlus to leak the email addresses and other personal information of hundred of its users. 9to5Google said it discovered the “somewhat major” vulnerability in the API OnePlus uses for the app a couple of months ago, and that the company had already fixed it. It said it was unclear for how long users’ data had been leaking in this way, but believed it had been happening since the launch of the ‘Shot on OnePlus’ app many years ago.
  • In May, WhatsApp confirmed that a flaw in its app left it vulnerable to a spyware attack that installed a malicious code on a victim’s smartphone through a simple voice call on WhatsApp. FT, which first reported the breach, said the spyware was created by the NSO Group, an Israeli software company. Earlier this week, its majority owner Novalpina Capital, a UK private equity firm, promised a “significant enhancement of respect for human rights” at NSO Group, per The Guardian.
  • In April, Hacker News reported that two browser apps created by Xiaomi had a critical vulnerability that had not yet been patched despite being privately reported to the company. The Mi Browser comes built-in with the company’s Mi and Redmi smartphones, while the Mint browser is available on Google Play for non-Xiaomi devices. The vulnerability was an address bar spoofing issue that allowed a malicious website to control the URLs displayed. The flaw could be used to easily trick users into thinking they were visiting a trusted website when actually being served with a phishing or malicious content. The issue only affected the international variants of both web browsers. Xiaomi rewarded the researcher who reported the issue with a bug bounty but left the vulnerability unpatched.

You May Also Like


The chipmaker Intel has now launched a facial recognition solution, which the company says will work with smart locks, access control, point-of-sale devices, ATMs...


As businesses and individuals moved online, cyber criminals and fraudsters were able to hone in their skills and target a wider range of people...


In the aftermath of the US government data breach this month that impacted the US Treasury Department, the National Telecommunications and Information Administration and...


The Payment Card Industry Data Security Standard (PCI-DSS), the international body for card security, is working on updating security standards for card and mobile...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to Daily Newsletter

    © 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ