Date:24/06/19
More technical details and proof-of-concept for the OutLook for Android vulnerability has been released that we have covered in a separate article here.
Microsoft has released an updated version of its "Outlook for Android" that patches an important security vulnerability in the popular email app that is currently being used over 100 million users.
According to an advisory, Outlook app with versions before 3.0.88 for Android contains a stored cross-site scripting vulnerability (CVE-2019-1105) in the way the app parses incoming email messages.
If exploited, remote attackers can execute malicious in-app client-side code on the targeted devices just by sending them emails with a specially crafted message.
"The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user."
According to Microsoft, the flaw was responsibly reported by multiple security researchers independently—including Bryan Appleby from F5 Networks, Sander Vanrapenbusch, Tom Wyckhuys, Eliraz Duek from CyberArk and Gaurav Kumar—and could potentially lead to spoofing attacks.
The technical details or any proof-of-concept of this flaw is not yet available in public and Microsoft is currently not aware of any attack in the wild related to this issue.
If your android device hasn't updated automatically yet, you are advised to manually update your Outlook app from the Google Play Store.
Important Flaw in Outlook App for Android Affects Over 100 Millions Users
More technical details and proof-of-concept for the OutLook for Android vulnerability has been released that we have covered in a separate article here.Microsoft has released an updated version of its "Outlook for Android" that patches an important security vulnerability in the popular email app that is currently being used over 100 million users.
According to an advisory, Outlook app with versions before 3.0.88 for Android contains a stored cross-site scripting vulnerability (CVE-2019-1105) in the way the app parses incoming email messages.
If exploited, remote attackers can execute malicious in-app client-side code on the targeted devices just by sending them emails with a specially crafted message.
"The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user."
According to Microsoft, the flaw was responsibly reported by multiple security researchers independently—including Bryan Appleby from F5 Networks, Sander Vanrapenbusch, Tom Wyckhuys, Eliraz Duek from CyberArk and Gaurav Kumar—and could potentially lead to spoofing attacks.
The technical details or any proof-of-concept of this flaw is not yet available in public and Microsoft is currently not aware of any attack in the wild related to this issue.
If your android device hasn't updated automatically yet, you are advised to manually update your Outlook app from the Google Play Store.
Views: 420
©ictnews.az. All rights reserved.
Similar news
- Cellphone Use May Raise Cancer Risk
- Australian police pushes cyber safety education
- Vietnam aims to lead in e-government
- Senate Website Gets Hacked
- US builds net for cyber war games
- Japan enacts anti-computer virus law
- India passes law vs e-waste
- Anonymous Declares War On The City Of Orlando
- Microsoft highlights evolving dangers as online identity data proliferates
- Consumers want internet security to be provided by banks
- Government facilities targets of cyber attack
- South Korean web attacks might been war drill
- Sri Lanka to Establish National Passport Database to Increase Border Security
- Hi-tech crime agencies set to employ information security professionals
- Phone hacking and online campaign bring down the News of the World
