Additionally, Microsoft revealed several vulnerabilities that it managed to identify and fix along the way. For example, Microsoft confirms the existence of an Android Information Disclosure Vulnerability through one of its CVE threads.
What is this Android Information Disclosure Vulnerability?
Apparently, Android apps using Microsoft Authentication Library (MSAL) 0.3.1-Alpha or later suffer from an information disclosure vulnerability. However, it would seem that certain conditions need to be met in order for the vulnerability to be exploited. Unfortunately, if those conditions are met, this vulnerability could result in sensitive data being exposed. On the flip side, in order to exploit this vulnerability, the attacker would need to be authenticated so he can have the right to view the sensitive data. This latest security update takes care of the matter by modifying how the data is sanitized. Microsoft did not disclose what kind of information exactly could be exposed, but they went ahead and stated that:
Given the importance and sensitivity of this information, having solved this vulnerability is great news.
If you too want to take advantage of these security features, make sure you install the latest Patch Tuesday updates as soon as they become available.
If you don’t know how to install them, check out this detailed guide for more info.
Name *
Email *
Commenting as . Not you?
Save information for future comments
Comment
Δ
