Microsoft has warning about these 2 Android apps – ET CISO
https://etimg.etb2bimg.com/thumb/msid-109832906,imgsize-62402,width-1200,height=765,overlay-etciso/ot-security/microsoft-has-warning-about-these-2-android-apps.jpg
Microsoft researchers recently discovered vulnerabilities in several popular Android applications, totaling over 4 billion downloads according to a blog post by Microsoft’s Threat Intelligence Team. These security flaws could have allowed attackers to steal sensitive user data.
The specific issue identified is called a “dirty stream” attack, where a malicious app could potentially overwrite settings on a vulnerable device and gain access to a user’s authentication tokens or other confidential information. This information could then be used to impersonate the user and potentially access their accounts or data on other services.
Two popular apps specifically mentioned by Microsoft are:
Xiaomi’s File Manager: This app has over 1 billion installs.
WPS Office: This popular office suite has over 500 million installs.
Both Xiaomi and WPS Office have since addressed the vulnerabilities with updates. However, Microsoft recommends that all Android users update these apps immediately if they are installed on their devices.
How millions of Android users may still be at risk
While both Xiaomi and WPS have patched the security loophole, but millions of users may still be at risk if they haven’t updated their apps. It is important for users to have updated these apps to protect themselves from these security flaws.
How Android smartphone users can protect themselves
* Keep apps updated: Regularly update your apps through the Google Play Store or other trusted sources to ensure you have the latest security patches.
* Install from trusted sources: Only download apps from reputable developers and stores to minimize the risk of malware.
* Be cautious of permissions: Pay attention to the permissions requested by apps before installing them. Granting unnecessary permissions can increase your risk.
Microsoft has also collaborated with Google to inform app developers and help them avoid similar vulnerabilities in the future. This collaboration between security researchers and tech companies is crucial in keeping users safe in an evolving threat landscape.