Android Apps with 4 Billion Installations Affected by ‘Dirty Stream’ Vulnerability: How Microsoft is Helping to Keep You Safe

The Exploitable Security Flaw in Android Apps: ‘Dirty Stream’

Microsoft has issued a warning regarding a vulnerability affecting several popular Android applications with over 4 billion installations. This vulnerability, known as ‘Dirty Stream’, allows cybercriminals to execute malicious code and steal login tokens from devices.

Researchers at Microsoft’s Threat Intelligence team uncovered this vulnerability, which affects popular Android apps available on the Google Play Store. The team began sharing their findings with developers of affected applications in February. Developers have been working on updates to address the issue ever since.

One of the affected applications is Xiaomi File Manager, which had a vulnerability in version V1-210567. Xiaomi has since released an updated version, V1-210593, to fix this issue. Similarly, the WPS Office app had a vulnerability in version 16.8.1, which was addressed in version 17.0.0.

The vulnerability arises in Android’s data and file sharing mechanism, the content provider, which allows applications to share information with one another. Improper implementation of this mechanism can introduce vulnerabilities that allow malicious actors to execute arbitrary code and steal tokens, giving them access to sensitive data.

Microsoft is working closely with Google to create guidelines for Android app developers to prevent this type of vulnerability from occurring again in the future. They recommend using tools like Android Lint and GitHub’s CodeQL service to identify and address vulnerabilities before they can be exploited by cybercriminals.
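As Microsoft's published research describes it, the improper implementation is on the receiving side: an app saves an incoming shared file under whatever name the sending app's content provider reports. The sketch below is an added example, not code from Microsoft, Google or any affected app; it shows one way a receiver can treat that name as untrusted, with `SafeIncomingFile`, `resolveTarget` and the sample names being hypothetical and plain `java.io` used so it runs outside Android.

```java
import java.io.File;
import java.io.IOException;
import java.util.UUID;

public class SafeIncomingFile {

    // Returns a location inside cacheDir for a file received from another app.
    // untrustedName is whatever the sending app's content provider reported
    // as the file name; the sender controls it and it may contain "../".
    static File resolveTarget(File cacheDir, String untrustedName) throws IOException {
        // Keep only the last path segment, then replace unexpected characters.
        String base = untrustedName == null
                ? "" : new File(untrustedName.replace('\\', '/')).getName();
        String clean = base.replaceAll("[^A-Za-z0-9._-]", "_");
        if (clean.isEmpty() || clean.equals(".") || clean.equals("..")) {
            clean = "received";
        }
        // A random prefix means an incoming file never overwrites an existing one.
        File target = new File(cacheDir, UUID.randomUUID() + "_" + clean);

        // Defence in depth: the canonical path must still sit under cacheDir.
        String root = cacheDir.getCanonicalPath() + File.separator;
        if (!target.getCanonicalPath().startsWith(root)) {
            throw new SecurityException("path escapes cache directory: " + untrustedName);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        File cacheDir = new File(System.getProperty("java.io.tmpdir"), "incoming");
        cacheDir.mkdirs();
        // Constructed sample names, as a sending app might report them.
        String[] names = { "report.pdf", "../../files/config.xml", "/abs/path/notes.txt", "..", null };
        for (String n : names) {
            System.out.println(n + " -> " + resolveTarget(cacheDir, n).getName());
        }
    }
}
```

In an Android app, `cacheDir` would be the app's own cache directory and `untrustedName` the display name returned by the sender's provider.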

Users are advised to keep their applications and devices updated to protect against this vulnerability and any other potential security threats that may arise in the future.
