We often talk about the importance of keeping our devices updated so that they are protected against newly discovered bugs and security threats. Today we bring a new example: Microsoft has publicly disclosed a new vulnerability in Android which affects applications with millions of downloads.
The vulnerability is called Dirty Stream, a serious security problem that could be exploited to obtain the private data of Android users. But what exactly does this vulnerability consist of? We explain below.
The vulnerability affects applications with millions of downloads
As Microsoft researchers explain in an extensive publication on their website, the vulnerability takes advantage of what is known as the content provider system, a system designed to securely share data between different applications on the same Android device.
Although this system has several security measures to prevent unauthorized access to user data (such as the use of permissions, validation of file paths or data isolation), everything seems to indicate that a misconfiguration could leave the door open to attackers.
The result is that attackers could bypass existing security measures and execute malicious code on the device, as well as access users’ personal data. Microsoft has found several applications with millions of downloads around the world that are affected by the vulnerability.
Two of the affected applications are Xiaomi File Manager and WPS Office: in both cases, Microsoft managed to exploit the vulnerability to execute arbitrary code on the device.
At this point, it is important to keep in mind that the impact of the vulnerability may vary depending on the particular configuration of each implementation. For example, many applications read server configuration from a particular directory. The vulnerability could be used to modify this configuration and make the affected app communicate with the attacker’s server, sending it the user’s private information.
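The file-path validation mentioned above, sketched from the receiving app's side as an added example (not code from Microsoft, Google or any affected app). It assumes the receiving app gets a file name from the sharing app and must treat it as untrusted; the class name, the inbox directory and the sample names are hypothetical, and plain `java.nio` is used so it runs off-device.

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.UUID;

public class SharedFileReceiver {
    // Directory reserved for incoming shared files, kept apart from the
    // directory the app reads its own configuration from.
    private final Path inbox;

    public SharedFileReceiver(File inboxDir) throws IOException {
        Files.createDirectories(inboxDir.toPath());
        this.inbox = inboxDir.toPath().toRealPath();
    }

    // Map a sender-supplied name to a path guaranteed to stay inside the inbox.
    Path resolveTarget(String untrustedName) throws IOException {
        // Keep only the last path component; directory parts are discarded.
        String base = new File(untrustedName == null ? "" : untrustedName).getName();
        if (base.isEmpty() || base.equals(".") || base.equals("..")) {
            base = "shared-" + UUID.randomUUID(); // fall back to a generated name
        }
        Path target = inbox.resolve(base).normalize();
        if (!target.startsWith(inbox)) {
            throw new SecurityException("name escapes inbox: " + untrustedName);
        }
        return target;
    }

    // Store the stream; Files.copy without options refuses to overwrite an
    // existing file, so a shared file cannot replace one already present.
    public Path save(String untrustedName, InputStream data) throws IOException {
        Path target = resolveTarget(untrustedName);
        Files.copy(data, target);
        return target;
    }

    public static void main(String[] args) throws IOException {
        File tmp = Files.createTempDirectory("inbox").toFile();
        SharedFileReceiver receiver = new SharedFileReceiver(tmp);
        // Constructed sample names, not taken from any real application.
        String[] names = {"report.pdf", "../config/server.json", "..", null};
        for (String name : names) {
            System.out.println(name + " -> " + receiver.resolveTarget(name));
        }
    }
}
```

Every sample name resolves to a file directly inside the inbox directory, so a name that points at another directory ends up as an ordinary file there instead of replacing the app's configuration.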
The company has collaborated with Google and the developers of the apps mentioned to correct the error and prevent it from occurring in the future. Even so, there could be more applications affected by the vulnerability. With this in mind, we stress the importance of always keeping our applications and devices updated, as well as downloading applications only from official sources.
Via | Bleeping Computer