Share this article
Latest news
With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low
Copilot in Outlook will generate personalized themes for you to customize the app
Microsoft will raise the price of its 365 Suite to include AI capabilities
Death Stranding Director’s Cut is now Xbox X|S at a huge discount
Outlook will let users create custom account icons so they can tell their accounts apart easier
Microsoft reports Dirty Stream vulnerability impacts popular Android apps
The vulnerability was detected in two popular apps with billions of combined downloads
3 min. read
Published onMay 6, 2024
published onMay 6, 2024
Share this article
Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more
Researchers at Microsoft have detected a security vulnerability dubbed Dirty Stream in several Android apps. The security research team detected the vulnerability in the filesharing mechanism of several file-sharing Android apps as reported byBleepingComputer.
Vulnerabilities are a boon to cybercriminals and provide an easy pass to target naive users. Given the availability of over 3.5 billion active Android phones globally, preventing them is the need of the hour.
Users are often asked to prevent visiting shady websites or using apps downloaded from unofficial app stores. But, deep down you’d agree that it is the responsibility of the platform owners to protect its users from any frauds.
Microsoft security research team detects ‘Dirty Stream’ vulnerability in two popular Android apps
Talking of responsibility, Microsoft has a dedicated security research team for the same. Security researchers are responsible for detecting and negating possible threats posed by any vulnerabilities.
More recently, security researchers at Microsoft have detected a vulnerability in the filesharing mechanism of several Android apps. They have detected a vulnerability dubbedDirty Streamin popular apps like Xiaomi File Manager, WPS Office, and more.
Dirty Streammalware lets malicious apps send a file with a manipulated filename or path to another app’s home directory. It misleads the target to trust that filename or path and stores the file in the critical directory.
This eventually manipulates the data stream between two Android apps and possibly leads to unauthorized code execution, data theft, and more.
In a recent blog post, Dimitrios Valsamaras, Microsoft’s security researcher adds that such incorrect implementations unfortunately exist in large amounts. He adds:
We identified several vulnerable applications in the Google Play Store that represented over four billion installations. We anticipate that the vulnerability pattern could be found in other applications. We’re sharing this research so developers and publishers can check their apps for similar issues, fix as appropriate, and prevent introducing such vulnerabilities into new apps or releases.
Valsamaras says both companies responded to the findings and teamed up with Microsoft to fix the vulnerability. Google alsopublished Microsoft’s report on the Android Developers websiteto draw developers’ attention to mitigate similar vulnerabilities down the line.
From the user’s point of view, there’s nothing much you can do other than update the apps regularly or avoid downloading APKs from unofficial third-party stores or shady websites.
You can check further detailshere.
More about the topics:Android,Cybersecurity,security threats
Vlad Turiceanu
Windows Editor
Passionate about technology,Windows, and everything that has a power button, he spent most of his time developing new skills and learning more about the tech world.
Coming from a solid background in PC building and software development, with a complete expertise in touch-based devices, he is constantly keeping an eye out for the latest and greatest!
User forum
0 messages
Sort by:LatestOldestMost Votes
Comment*
Name*
Email*
Commenting as.Not you?
Save information for future comments
Comment
Δ
Vlad Turiceanu
Windows Editor
Coming from a solid background in PC building and software development, he’s a Windows 11 Privacy & Security expert.
