Major Security Flaw Dirty Stream Found on Android Apps With Billions Downloads by Microsoft All Details

Microsoft last week discovered a major security hole in several Android apps that could be exploited to gain unauthorized access to apps and sensitive data on the device. Interestingly, this security flaw does not come from the system code, but rather from the misuse of a particular system by developers which can lead to hacking vulnerabilities. The flaw has been reported to Google and the tech giant has taken steps to make the Android app developer community aware of the issue.

One on your security blog Post In a statement, the Microsoft Threat Intelligence Team said, “Microsoft discovered a path traversal-associated vulnerability pattern in several popular Android applications that could enable a certain malicious application to overwrite files in the home directory of a vulnerable application. Is.” Researchers also highlighted that the vulnerability was observed in several apps in the Google Play Store, which had a total of more than four billion installations.

This vulnerability emerges when a developer misuses Android’s content provider system, which is designed to secure data exchange between different apps on a device. This includes data isolation, URI permissions, path validation, and other security measures to prevent unauthorized access to the app by users or any other person. However, improper implementation of the system affects the component named custom intent. These are messaging objects that create two-way communication between different apps. When this vulnerability exists, apps can bypass security measures and allow other apps (or hackers who control them) access to sensitive data stored in them.

In case of an attack on the device, hackers can manipulate this vulnerability by accessing just one app, they can penetrate all the apps that have this flaw. This enables hackers to gain full control over the device or steal sensitive data including financial details. In particular, vulnerabilities were found in Xiaomi File Manager and WPS Office apps. Microsoft said in its report that the developers of both the apps have investigated and fixed the problem.

Google has also taken cognizance of the issue and posted a post on its Android Developers Blog. Post Has been published. The company has highlighted common flaws and ways to fix them. The developers of the affected apps are expected to fix the issues and release a fix in the coming days.