Posted May 6, 2024 by Pelican Press

Microsoft Finds Major Security Flaw ‘Dirty Stream’ in Android Apps Totalling Billions of Downloads

Microsoft discovered a major security vulnerability in multiple Android apps last week that could be exploited to gain unauthorised access to apps and sensitive data on the device. Interestingly, this security flaw does not stem from the system code, but from developers' improper use of a particular system, which can leave loopholes prone to exploitation. Notably, the flaw has been highlighted to Google, and the tech giant has taken steps to make the Android app developer community aware of the issue.

In a post on its Security Blog, the Microsoft Threat Intelligence team stated, “Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s home directory.” The researchers also highlighted that the vulnerability was spotted in several apps in the Google Play Store that had a combined total of more than four billion installations.

This vulnerability emerges when a developer incorrectly uses Android’s content provider system, which is designed to secure data exchange between different apps on a device. This includes data isolation, URI permissions, path validation and other security measures to stop unauthorised access by the apps or anyone else breaking into the app. However, improper implementation of the system affects a component called custom intents.
These are the messaging objects that conduct two-way communication between different apps. When this vulnerability exists, the apps can ignore the security measures and let other apps (or hackers controlling them) access sensitive data stored in them. In case of an attack on the device, hackers can exploit this vulnerability: by accessing just one app, they can enter all apps that contain this loophole. This enables the bad actors to gain complete control over the device or steal sensitive data, including financial information.

Notably, the vulnerability was found in the Xiaomi File Manager and WPS Office apps. Microsoft stated in its report that the developers behind both apps have investigated and fixed the issue.

Google has also taken cognisance of the issue and published a post on its Android Developers blog. The company has highlighted the common errors and ways to fix them. It is expected that developers of affected apps will fix the issues and release updates in the coming days. While end users cannot do much to avoid this vulnerability, it is recommended that they remain proactive in updating the apps on their devices and avoid downloading apps from third-party sources for a while.
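A defensive sketch of the path validation mentioned above, as an added example that is not part of the original post or of any affected app's code. It assumes a file name arrives from another app's content provider and must be treated as untrusted before writing into the receiving app's own directory; it is plain Java so it runs off-device, and the class name, method names and sample names are constructed for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;

public class SafeIncomingFile {

    // Reduce an untrusted, sender-supplied name to a bare file name.
    static String sanitizeName(String untrusted) {
        if (untrusted == null) return "incoming.bin";
        // Drop everything up to the last separator of either style.
        String name = untrusted.substring(
                Math.max(untrusted.lastIndexOf('/'), untrusted.lastIndexOf('\\')) + 1);
        if (name.isEmpty() || name.equals(".") || name.equals("..")) return "incoming.bin";
        return name;
    }

    // Resolve a destination inside baseDir, or throw if it would escape it.
    static File resolveInside(File baseDir, String untrustedName) throws IOException {
        File base = baseDir.getCanonicalFile();
        File target = new File(base, sanitizeName(untrustedName)).getCanonicalFile();
        // Canonical paths have ".." and symlinks resolved, so a component-wise
        // prefix check is meaningful (Path.startsWith compares whole components).
        if (!target.toPath().startsWith(base.toPath()) || target.equals(base)) {
            throw new SecurityException("destination escapes " + base);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for the app's cache directory
        // (assumption: on Android this would be context.getCacheDir()).
        File cache = Files.createTempDirectory("cache").toFile();
        // Constructed sample names: one benign, three traversal-style inputs.
        String[] names = { "report.pdf", "../shared_prefs/settings.xml",
                           "..\\..\\files\\lib.so", ".." };
        for (String n : names) {
            File dest = resolveInside(cache, n);
            System.out.println(n + " -> " + dest.getName());
        }
    }
}
```

An app that does not need the sender's name at all can skip sanitizing and generate its own file name instead.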