May 19, 2024 6:13 pm
Popular Android Apps Found to Have Vulnerability Allowing Hackers to Execute Malicious Code

Microsoft has issued a warning about a vulnerability pattern discovered in several popular Android applications installed on over 4 billion devices. The pattern, known as ‘Dirty Stream’, was uncovered by Microsoft’s Threat Intelligence team. It enables malicious actors to take full control of an application by executing arbitrary code and to steal login tokens. With stolen tokens, cybercriminals can gain access to user accounts and sensitive data.

Researchers first informed developers about this vulnerability in February, and updates have been released to address the issue. Microsoft is raising awareness about this vulnerability to help prevent developers from introducing it into their Android apps. Examples of affected applications include Xiaomi File Manager and WPS Office, which have been successfully patched.

The vulnerability is found in the data and file exchange system on Android devices. Android's content provider system is used to exchange data between applications, but an incorrect implementation can introduce vulnerabilities that allow malicious actors to bypass security measures and gain control over the application.

Microsoft is collaborating with Google to provide guidance for Android developers to recognize and avoid this vulnerability pattern. They recommend using the Android app security guide and the Android Lint tool to identify vulnerabilities. Users are advised to keep their applications and devices updated to protect against this vulnerability.
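Microsoft's published write-up of Dirty Stream describes the flaw as a receiving app trusting the file name supplied by the sending app's content provider when it saves the incoming file. The following receiving-side check in plain Java is an added example, not code from Microsoft, Google or any affected app; `IncomingFileName`, `resolveInside` and the sample names are hypothetical.

```java
import java.io.File;
import java.io.IOException;

public class IncomingFileName {

    /**
     * Maps a file name supplied by another app to a file inside cacheDir.
     * The name is untrusted input: only its last path segment is used, and
     * the canonical result must still sit directly under cacheDir.
     */
    static File resolveInside(File cacheDir, String untrustedName) throws IOException {
        if (untrustedName == null || untrustedName.isEmpty()) {
            throw new IOException("missing file name");
        }
        // Drop any directory part, whichever separator the sender used.
        String normalized = untrustedName.replace('\\', '/');
        String leaf = normalized.substring(normalized.lastIndexOf('/') + 1);
        if (leaf.isEmpty() || leaf.equals(".") || leaf.equals("..")) {
            throw new IOException("rejected file name: " + untrustedName);
        }
        File base = cacheDir.getCanonicalFile();
        // Canonicalising also resolves a symlink already planted under that name.
        File target = new File(base, leaf).getCanonicalFile();
        // Defence in depth: the canonical parent must be exactly the cache directory.
        if (!base.equals(target.getParentFile())) {
            throw new IOException("rejected file name: " + untrustedName);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Assumed stand-in for the app's private cache directory.
        File cacheDir = new File(System.getProperty("java.io.tmpdir"), "incoming-cache");
        cacheDir.mkdirs();
        // Constructed sample names, not taken from any real app.
        String[] names = {"report.pdf", "../outside.txt", "a/../../outside.txt", ".."};
        for (String name : names) {
            try {
                System.out.println(name + " -> " + resolveInside(cacheDir, name));
            } catch (IOException e) {
                System.out.println(name + " -> " + e.getMessage());
            }
        }
    }
}
```

A stricter alternative is to ignore the supplied name entirely and store the incoming stream under a name the receiving app generates itself.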

In conclusion, Microsoft’s Threat Intelligence team has uncovered a significant vulnerability pattern in several popular Android applications that have been installed on over 4 billion devices. This vulnerability allows cybercriminals to execute malicious code and steal login tokens, giving them full control of an application by executing arbitrary code.
