By 
Due to the ever-evolving nature of Android, sometimes new vulnerabilities can be found. This could be due to a number of reasons, but it’s something that pretty much all platforms have to deal with. Unfortunately, it looks like Android has a new app vulnerability that Android users should probably be aware of.
In a post on Microsoft’s Threat Intelligence blog, the company’s security researchers have uncovered a new Android app vulnerability they’re calling “Dirty Stream”. If it’s exploited, it has the potential for malicious apps to overwrite the files in another app and gain access to that app and how it functions.
This is due to the use of the content provider system on Android. This is a system that allows apps to access data sets that are shared amongst other apps. By taking advantage of this vulnerability, a malicious app could overwrite data from a legitimate app. This in turn could allow the developers of the malicious app to gain access to potentially sensitive data. This includes data such as login credentials, for example.
Some of the apps that have been affected include Xiaomi File Manager and WPS Office. Luckily, when the vulnerability was discovered, Microsoft reached out to the developers who patched it in February. It is unclear how many more apps are affected. Hopefully developers are aware of this and are working on patching their own apps. In the meantime, as always, stay away from suspicious third-party app sites. Also, don’t simply click on links you receive in emails.
Comments