wordpress blog stats
Connect with us

Hi, what are you looking for?

Microsoft patches flaw in Outlook app for Android that could have led to spoofing attacks

A Microsoft building

Microsoft on Thursday released an updated version of Outlook for Android that patches an important security flaw in the email app, which could have potentially led to spoofing attacks, Hacker News reported. Outlook for Android has been downloaded more than 100 million times on the Play Store. According to an advisory from Microsoft, the vulnerability was related to how Outlook for Android parses specifically crafted email messages. Microsoft’s advisory said, “An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user. The security update addresses the vulnerability by correcting how Outlook for Android parses specially crafted email messages.” The company said the flaw was independently reported by five security researchers, and that it was not aware of any actual attacks related to this issue.

Other flaws found recently in Android apps

  • Last week, a security flaw in the ‘Shot on OnePlus’ app caused OnePlus to leak the email addresses and other personal information of hundred of its users. 9to5Google said it discovered the “somewhat major” vulnerability in the API OnePlus uses for the app a couple of months ago, and that the company had already fixed it. It said it was unclear for how long users’ data had been leaking in this way, but believed it had been happening since the launch of the ‘Shot on OnePlus’ app many years ago.
  • In May, WhatsApp confirmed that a flaw in its app left it vulnerable to a spyware attack that installed a malicious code on a victim’s smartphone through a simple voice call on WhatsApp. FT, which first reported the breach, said the spyware was created by the NSO Group, an Israeli software company. Earlier this week, its majority owner Novalpina Capital, a UK private equity firm, promised a “significant enhancement of respect for human rights” at NSO Group, per The Guardian.
  • In April, Hacker News reported that two browser apps created by Xiaomi had a critical vulnerability that had not yet been patched despite being privately reported to the company. The Mi Browser comes built-in with the company’s Mi and Redmi smartphones, while the Mint browser is available on Google Play for non-Xiaomi devices. The vulnerability was an address bar spoofing issue that allowed a malicious website to control the URLs displayed. The flaw could be used to easily trick users into thinking they were visiting a trusted website when actually being served with a phishing or malicious content. The issue only affected the international variants of both web browsers. Xiaomi rewarded the researcher who reported the issue with a bug bounty but left the vulnerability unpatched.

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

The US and other countries' retreat from a laissez-faire approach to regulating markets presents India with a rare opportunity.

News

When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.

News

The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.

News

In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...

News

By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...

You May Also Like

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ