• Microsoft warns many big Android apps carry major flaws

    From TechnologyDaily@1337:1/100 to All on Fri May 3 11:45:06 2024
    Microsoft warns many big Android apps carry major flaws

    Date:
    Fri, 03 May 2024 11:30:00 +0000

    Description:
    Among them are Xiaomi's and WPS' products, which already issued fixes.

    FULL STORY ======================================================================

    Cybersecurity researchers from Microsoft found a way for Android malware to overwrite files in another, legitimate application's home directory. In theory, threat actors could use this vulnerability to mount arbitrary code execution attacks, or steal sensitive files from apps.

    In a blog post published earlier this week, Microsoft broke down how the vulnerability works, which apps were vulnerable, which already plugged the holes, and what can be expected in the weeks and months to come.

    The vulnerability stems from the way Android tries to keep sensitive information, generated by different apps, secure.

    Dirty Stream

    As Microsoft explains, every app on an Android device is isolated from others by getting its own dedicated data and memory space. That prevents apps from reading each other's data which could, in some scenarios, lead to data leakage.

    But sometimes apps need to share data among themselves, which is why Android introduced a component called a content provider, which works as an interface for securely managing and exposing data to other apps.

    "When used correctly, a content provider provides a reliable solution. However, improper implementation can introduce vulnerabilities that could enable bypassing of read/write restrictions within an application's home directory," the researchers explained.

    The worst part is that there are too many improper implementations to count. Microsoft claims that it identified vulnerable applications in the Play Store that represented over four billion installations.

    Among them are Xiaomi's File Manager (more than a billion installations), and WPS Office (roughly 500 million installs). Microsoft notified these two companies of its findings, and both have already deployed fixes and mitigated the risks. However, since there are too many vulnerable applications out there to notify everyone separately, Microsoft published an article on the Android Developers website, BleepingComputer found. Google also updated its app security guidance to reflect the findings.

    The vulnerability was dubbed Dirty Stream.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/microsoft-warns-many-big-android-apps-carry-major-flaws


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)