Microsoft Warns of Dangerous Vulnerability Affecting Billions of Android Users: What You Need to Know

The Exploitable Security Flaw in Android Apps: ‘Dirty Stream’

Microsoft has issued a warning regarding a vulnerability affecting several popular Android applications with over 4 billion installations. This vulnerability allows cybercriminals to execute malicious code and steal login tokens from devices. Referred to as ‘Dirty Stream’, this vulnerability gives attackers full control over an application’s behavior and can result in access to user accounts and sensitive data.

The Microsoft Threat Intelligence team uncovered this vulnerability, which affects popular Android apps available on the Google Play Store. Researchers started sharing their findings with developers of affected applications in February. Developers have been working on updates to address the issue since then.

One of the affected applications is Xiaomi File Manager, which had a vulnerability in version V1-210567. Xiaomi has since released an updated version, V1-210593, to fix this issue. Similarly, the WPS Office app had a vulnerability in version 16.8.1, which was addressed in version 17.0.0.

The vulnerability arises in Android's data and file exchange system, which lets applications share information through a component called a content provider. Improper implementation of this mechanism can introduce vulnerabilities that allow malicious actors to execute arbitrary code and steal tokens, leading to access to sensitive data.
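As an added illustration (not code from Microsoft, Google or any affected app), the sketch below shows one way a receiving app can refuse to let a file name supplied by another app's content provider steer where the shared file is written. It assumes the receiving app caches incoming files under a directory of its own; the class name `SafeShareTarget`, the method `resolve`, and the sample names are hypothetical and constructed for this example.

```java
import java.io.File;
import java.io.IOException;

/** Added example: picks a safe cache location for a file received from another app. */
public final class SafeShareTarget {

    /**
     * Returns a file inside cacheDir for the name reported by the sending app,
     * or throws if the name is unusable. untrustedName is controlled by the sender.
     */
    static File resolve(File cacheDir, String untrustedName) throws IOException {
        if (untrustedName == null || untrustedName.isEmpty()) {
            throw new IOException("missing file name");
        }
        // Keep only the last path segment: drops "../" runs and absolute prefixes.
        String leaf = new File(untrustedName).getName();
        if (leaf.isEmpty() || leaf.equals(".") || leaf.equals("..")) {
            throw new IOException("rejected file name");
        }
        File base = cacheDir.getCanonicalFile();
        File target = new File(base, leaf).getCanonicalFile();
        // Defence in depth: the canonical target must still sit under cacheDir
        // (catches symlinks and anything the leaf extraction missed).
        if (!target.getPath().startsWith(base.getPath() + File.separator)) {
            throw new IOException("path escapes cache directory");
        }
        return target;
    }

    public static void main(String[] args) {
        // Constructed sample input; the directory stands in for the app's cache dir.
        File cacheDir = new File(System.getProperty("java.io.tmpdir"), "share_cache");
        cacheDir.mkdirs();
        String[] names = { "report.pdf", "../../outside.txt", "/abs/path/file.bin", ".." };
        for (String name : names) {
            try {
                System.out.println(name + " -> " + resolve(cacheDir, name));
            } catch (IOException e) {
                System.out.println(name + " -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

Generating the cache file name locally and ignoring the supplied name entirely removes the dependency on sender-controlled input altogether.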

Microsoft is working with Google to create guidelines for Android app developers to prevent this type of vulnerability. They recommend using tools like Android Lint and GitHub’s CodeQL service to identify and address vulnerabilities.
