wordpress blog stats
Connect with us

Hi, what are you looking for?

Microsoft patches flaw in Outlook app for Android that could have led to spoofing attacks

A Microsoft building

Microsoft on Thursday released an updated version of Outlook for Android that patches an important security flaw in the email app, which could have potentially led to spoofing attacks, Hacker News reported. Outlook for Android has been downloaded more than 100 million times on the Play Store. According to an advisory from Microsoft, the vulnerability was related to how Outlook for Android parses specifically crafted email messages. Microsoft’s advisory said, “An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user. The security update addresses the vulnerability by correcting how Outlook for Android parses specially crafted email messages.” The company said the flaw was independently reported by five security researchers, and that it was not aware of any actual attacks related to this issue.

Other flaws found recently in Android apps

  • Last week, a security flaw in the ‘Shot on OnePlus’ app caused OnePlus to leak the email addresses and other personal information of hundred of its users. 9to5Google said it discovered the “somewhat major” vulnerability in the API OnePlus uses for the app a couple of months ago, and that the company had already fixed it. It said it was unclear for how long users’ data had been leaking in this way, but believed it had been happening since the launch of the ‘Shot on OnePlus’ app many years ago.
  • In May, WhatsApp confirmed that a flaw in its app left it vulnerable to a spyware attack that installed a malicious code on a victim’s smartphone through a simple voice call on WhatsApp. FT, which first reported the breach, said the spyware was created by the NSO Group, an Israeli software company. Earlier this week, its majority owner Novalpina Capital, a UK private equity firm, promised a “significant enhancement of respect for human rights” at NSO Group, per The Guardian.
  • In April, Hacker News reported that two browser apps created by Xiaomi had a critical vulnerability that had not yet been patched despite being privately reported to the company. The Mi Browser comes built-in with the company’s Mi and Redmi smartphones, while the Mint browser is available on Google Play for non-Xiaomi devices. The vulnerability was an address bar spoofing issue that allowed a malicious website to control the URLs displayed. The flaw could be used to easily trick users into thinking they were visiting a trusted website when actually being served with a phishing or malicious content. The issue only affected the international variants of both web browsers. Xiaomi rewarded the researcher who reported the issue with a bug bounty but left the vulnerability unpatched.

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

The Delhi High Court should quash the government's order to block Tanul Thakur's website in light of the Shreya Singhal verdict by the Supreme...

News

Releasing the policy is akin to putting the proverbial 'cart before the horse'.

News

The industry's growth is being weighed down by taxation and legal uncertainty.

News

Due to the scale of regulatory and technical challenges, transparency reporting under the IT Rules has gotten off to a rocky start.

News

Here are possible reasons why Indians are not generating significant IAP revenues despite our download share crossing 30%.

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ