Security Flaw In Spotify For Android Users which enables Phishing

  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

According to Trend Micro, the glitch is present in versions of the app earlier that 1.1.1 and, if successfully exploited, it would permit taking control of what is displayed in the app’s interface.

Phishing is use to capture the Users email, password and a lot of details, considering that Spotify also provides a paid service.

Simon Huang, mobile security engineer at Trend Micro, says that “the vulnerability affects a specific activity (com.spotify.mobile.android.ui.activity.TosTextActivity), which is designed to retrieve and show Spotify web pages on the app.”

Exploiting the flaw, the security researcher was able to bring the Google home page in the interface of the Spotify app.

He warns that minimizing the activity can be done without restriction and if the potential victim uses the “back” button to stop Spotify the malicious content pops up on the screen.

Spotify has responded to Trend Micro’s notification and released an update for the app. All users are advised to get the latest version, 1.1.2, as soon as possible in order to eliminate the security risk.

The following two tabs change content below.

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Leave a Reply