Microsoft researchers recently discovered vulnerabilities in several popular Android apps. According to a blog post from Microsoft’s Threat Intelligence team, the number of downloads exceeded 4 billion.
These vulnerabilities could have allowed an attacker to steal sensitive user data.
The identified issue is called a “dirty stream” attack, which allows a malicious program to override the settings of a vulnerable device and gain access to user authentication tokens and other sensitive information.
This information is then used to impersonate you and possibly access your accounts and data on other services.
Two popular programs that Microsoft specifically mentions are:
Xiaomi File Manager: This app has been installed more than 1 billion times.
WPS Office: This popular office suite has been installed over 500 million times.
Both Xiaomi and WPS Office have now closed the security gap with updates. However, Microsoft recommends that all Android users update these apps immediately if they have them installed on their devices.
Millions of Android users could still be at risk
Both Xiaomi and WPS have patched security holes, but millions of users are still at risk when they update their apps. It is important that users keep these programs updated to protect themselves from these vulnerabilities.
How Android smartphone users can protect themselves
* Keep your apps up to date: Regularly update your apps via the Google Play Store or other trusted sources to ensure they have the latest security patches.
* Install from trusted sources: Only download apps from trusted developers and stores to minimize the risk of malware.
* Be aware of permissions: Before installing an app, check the required permissions. Granting unnecessary privileges can increase risk.
Microsoft is also working with Google to provide information to app developers to help them avoid similar vulnerabilities in the future. This collaboration between security researchers and technology companies is critical to keeping users safe in an evolving threat landscape.