Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw | Cybersecurity

Prime members enjoy Prime FREE One-Day delivery

May 02, 2024. Newsroom Vulnerability / Android.

Several popular Android applications available in Google Play Store are susceptible to a path traversal-affiliated vulnerability that could be exploited by a malicious app to overwrite arbitrary files in the vulnerable app’s home directory.

“The implications of this vulnerability pattern include arbitrary code execution and token theft, depending on an application’s implementation,” Dimitrios Valsamaras of the Microsoft Threat Intelligence team said in a report published Wednesday.

Successful exploitation could allow an attacker to take full control of the application’s behavior and leverage the stolen tokens to gain unauthorized access to the victim’s online accounts and other data.

Two of the apps that were found vulnerable to the problem are as follows –

  • Xiaomi File Manager (com.mi. Android.globalFileexplorer) – Over 1 billion installs
  • WPS Office (cn.wps.moffice_eng) – Over 500 million installs

While Android implements isolation by assigning each application its own dedicated data and memory space, it offers what’s called a content provider to facilitate data and file sharing between apps in a secure manner. But…

Source thehackernews.com

Advertisement Gaming:   Xbox  |  Xbox Bundles  |  Nintendo  |  Playstation  |  Cards   |   Manor Lords   |   Horizon Forbidden West
FTC: We use income earning affiliate links. More on Sposored links.
Terms of use and third-party services. More here.

Ad Amazon Minecraft the game, plus clothing, toys, and accessories.

Ad Amazon Gaming Laptops, clothing, games and more

Ad Amazon MUSIC Artists Merch Shop

Stay connected throughout the year with official, ongoing Microsoft podcasts.
Microsoft Podcasts Apple | Microsoft podcasts YouTube


Related Posts