Home Hacking News Spoofing Vulnerability Found In Microsoft Outlook For Android
Hacking NewsLatest Cyber Security News | Network Security HackingNewsVulnerabilities

Spoofing Vulnerability Found In Microsoft Outlook For Android

by Abeerah Hashim
written by Abeerah Hashim
Microsoft Outlook for Android vulnerability

Microsoft recently disclosed a vulnerability in Outlook for Android that risked millions of devices. Exploiting the bug could permit cross-site scripting attacks on target devices.

Microsoft Outlook For Android Vulnerability

Microsoft has warned users of a vulnerability affecting its Outlook app for Android. As elaborated, it was an easy-to-exploit bug that required an attacker to simply send a maliciously crafted email to the victim.

Describing the vulnerability, CVE-2019-1460, in an advisory, Microsoft stated,

A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim.

As a result, the attacker could then perform XSS attacks in the context of the current user.

The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user.

Microsoft disclosed this vulnerability following its scheduled monthly Patch Tuesday updates.

Patch Rolled-Out

Microsoft Outlook is a popular application on Android that currently boasts over 100 million installations. It means this bug potentially posed a threat to millions of devices.

This XSS vulnerability first caught the attention of security researcher Rafael Pablos. Microsoft have rolled out a fix for this bug by addressing the way Microsoft Outlook parses specially crafted messages. They have also acknowledged the researcher for this flaw.

To stay protected from potential attacks, users using Microsoft Outlook on their Android devices must they update the app.

Researchers from Symantec have also recommended some precautionary steps to follow. These include,

  • Running all software as non-privileged users with minimum permissions
  • Monitoring traffic for suspicious activities
  • Avoiding links from untrusted sources
  • Disabling script code and active content in web browsers

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...

LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites

OWASP Disclosed Data Breach Affecting Old Members

Center Identity Launches Patented Passwordless Authentication for Businesses