Microsoft Has Uncovered Security Risks in Popular Android Apps

Highlights

  • Microsoft reveals serious vulnerabilities in widely used Android apps.
  • Vulnerabilities allow attackers to hijack app functions and access sensitive data.
  • The issues were identified in Xiaomi’s File Manager and WPS Office, and both apps have been fixed.
  • Users advised to update apps and monitor accounts for unusual activity.

Microsoft has identified some widely used Android apps that could put users at serious risk.

In a recent blog post, the company revealed it found a vulnerability pattern affecting multiple Android apps that allows cybercriminals to completely take over how an app functions.

What’s more, attackers could even gain access to users’ accounts and sensitive personal information through this flaw.

The vulnerability centres on apps not properly isolating themselves from other apps, which lets a malicious app trick a vulnerable app into overwriting its own important files.

After discovering this issue, Microsoft informed the affected app developers so they could fix the problem.

Two Apps Named as Vulnerable

Two of the mentioned apps were Xiaomi’s File Manager, installed over a billion times, and WPS Office, downloaded over 500 million times.

The issues with these apps were resolved in February, but users should ensure their apps are fully updated.

For apps like Xiaomi’s File Manager that connect to remote file shares, the impact extends beyond just the user’s phone.

As such, users of this app should reset their credentials and watch for any unusual behaviour.

Microsoft is concerned this vulnerability may exist in other apps they didn’t examine.

They hope highlighting this issue pushes publishers to check their apps and avoid introducing similar flaws going forward.

Microsoft advises Android users to protect themselves by always running the latest app versions, downloaded only from trusted sources.
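For app developers, one way to guard against the file-overwrite pattern described above, shown as an added example that is not code from Microsoft's post or from the affected apps. It assumes the receiving app is handed a file name and content by another app (a detail this article does not spell out); the class, method and file names are hypothetical and the sample names are constructed.

```java
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.util.UUID;

public class SafeIncomingFile {
    // Map a sender-supplied name to a file inside incomingDir only.
    static File resolveTarget(File incomingDir, String untrustedName) throws IOException {
        File base = incomingDir.getCanonicalFile();
        // The sender controls this string: keep only its last path component.
        String leaf = untrustedName == null
                ? "" : new File(untrustedName.replace('\\', '/')).getName();
        if (leaf.isEmpty() || leaf.equals(".") || leaf.equals("..")) {
            leaf = "incoming-" + UUID.randomUUID(); // fall back to a generated name
        }
        File target = new File(base, leaf).getCanonicalFile();
        // Canonicalisation resolves ".." and symlinks; the result must stay in base.
        if (!target.toPath().startsWith(base.toPath())) {
            throw new SecurityException("rejected file name: " + untrustedName);
        }
        return target;
    }

    // Store received content in a dedicated directory, never over an existing file.
    static File save(File incomingDir, String untrustedName, InputStream data)
            throws IOException {
        File target = resolveTarget(incomingDir, untrustedName);
        Files.copy(data, target.toPath()); // throws if the file already exists
        return target;
    }

    public static void main(String[] args) throws IOException {
        File dir = Files.createTempDirectory("incoming").toFile();
        // Constructed sample names, as a sending app might supply them.
        String[] names = { "report.pdf", "../config/settings.xml", "/other/place/lib.so", ".." };
        for (String n : names) {
            File f = save(dir, n, new ByteArrayInputStream("x".getBytes()));
            System.out.println(n + " -> " + f.getName());
        }
    }
}
```

Every sample name ends up as a plain file inside the temporary directory, and a second file with a name that already exists is refused rather than overwritten.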

More Recent Flaws Found in Chinese Keyboards

More recently, researchers at the Citizen Lab in Toronto, Canada, have discovered significant security vulnerabilities in cloud-based keyboard apps designed for typing Chinese characters using the pinyin system.

These vulnerabilities could potentially allow malicious actors to access the keystrokes of over a billion users.

The study examined apps from nine major manufacturers including Baidu, Honor, Huawei, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi, finding that eight of these transmitted user keystrokes to remote servers.

The primary concern stems from the cloud-based prediction features of these apps, which claim to enhance the speed of typing in Chinese.

This functionality involves sending keystrokes to cloud servers for processing, inadvertently facilitating a potential breach where these inputs could be intercepted.

FAQs

What did Microsoft discover about Android apps?

Microsoft identified a vulnerability pattern in several popular Android apps that could allow cybercriminals to take control of app functionalities and access user accounts and personal information.

This discovery was shared in a recent blog post by Microsoft.

Which apps were mentioned as having vulnerabilities?

Microsoft specifically mentioned two apps with vulnerabilities: Xiaomi’s File Manager, which has been installed over a billion times, and WPS Office, which has seen over 500 million downloads.

Both apps have since been updated to address these security issues.

What steps did Microsoft take after discovering the vulnerabilities?

After identifying the vulnerabilities, Microsoft notified the developers of the affected apps to enable them to patch the flaws.

This proactive measure helped mitigate potential risks associated with the vulnerabilities.

What should users of the affected apps do?

Users of apps like Xiaomi’s File Manager are advised to update their apps to the latest version to patch the vulnerabilities.

Additionally, they should reset their credentials and remain vigilant for any signs of unusual activity on their devices.
