Microsoft today released an updated version of its “Outlook for Android” that patches an important security vulnerability in the popular email app that is currently being used over 100 million users.
According to an advisory, Outlook app with versions before 3.0.88 for Android contains a stored cross-site scripting vulnerability (CVE-2019-1105) in the way the app parses incoming email messages.
If exploited, remote attackers can execute malicious in-app client-side code on the targeted devices just by sending them emails with a specially crafted message.
“The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user.”
According to Microsoft, the flaw was responsibly reported by multiple security researchers independently and could potentially lead to spoofing attacks.
The technical details or any proof-of-concept of this flaw is not yet available in public and Microsoft is currently not aware of any attack in the wild related to this issue.
If your android device hasn’t updated automatically yet, you are advised to manually update your Outlook app from the Google Play Store.
Code Execution Vulnerability Identified in Change Healthcare Cardiology DevicesA vulnerability has been identified in Change Healthcare Cardiology, McKesson Cardiology, and Horizon Cardiology devices. The vulnerability could be exploited by a locally authenticated...
29% of Small Businesses Spend Less Than $1,000 on IT Security Annually and Why They Are The Most Targeted
29% of Small Businesses Spend Less Than $1,000 on IT Security Annually and Why They Are The Most TargetedThe digital and network footprint of small businesses is continually growing. Online commerce, social media, remote workers, and cloud-based IT infrastructure are...
What Other Companies Can Learn from Facebook’s $5 Billion Fine and Why Privacy MattersWhile Facebook’s $5 billion settlement stands as the largest fine in the history of the Federal Trade Commission (FTC), one must take into consideration that not every company is...
Stay Up to Date With The Latest News & Updates
Join Our Newsletter
Get weekly tech updates and immediate alerts when there is a zero-day or security issue!