Submit a comment
Microsoft has just announced that several popular applications used by more than 4 billion Android users worldwide contain security vulnerabilities.
In a blog post, Microsoft said it had discovered a pattern of security vulnerabilities that existed in various Android applications, which could be exploited by hackers to take over all the software's rights and operations. The company also said that this risk also "opens the way" for criminals to access victims' accounts as well as sensitive information.
The vulnerability discovered by Microsoft revolves around improper implementation of application quarantine on the system, which could allow a malicious application to trick another program into overwriting important files.
The software giant notified the developers of the programs on the list immediately after discovering the vulnerability and worked with them to address the issue before making it public.
According to Phone Arena, two of these are Xiaomi's File Manager system file manager (with over a billion installs) and WPS Office - an office suite similar to Office 365 with over 500 million downloads.
The vulnerability was discovered around February 2024. Users are now advised to update all software on their devices as well as the latest Android version for the device to promptly add security patches.
In cases where the application requests remote connection permissions to share files using FTP and SMB protocols, as in the case of File Manager, the damage caused can extend beyond the victim's hardware device. Therefore, users of this software should reset all login information and keep an eye out for unusual behavior on their computers.
Microsoft experts are concerned that the vulnerability may still exist in many other applications that the company has not been able to test. The hope now is that the official announcement will encourage publishers to re-test their software and release updates to fix the problem and avoid similar problems in new versions of the application.
Microsoft recommends that Android users regularly update their apps to the latest versions, and only download and install software from reputable, authenticated sources.
TH (according to VTC News)