Spoofing Vulnerability Found In Microsoft Outlook For Android


Microsoft recently disclosed a vulnerability in Outlook for Android that put millions of devices at risk. Exploiting the bug could permit cross-site scripting attacks on target devices.

Microsoft Outlook For Android Vulnerability

Microsoft has warned users of a vulnerability affecting its Outlook app for Android. As elaborated, it was an easy-to-exploit bug that required an attacker to simply send a maliciously crafted email to the victim.

Describing the vulnerability, CVE-2019-1460, in an advisory, Microsoft stated,

A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim.

As a result, the attacker could then perform XSS attacks in the context of the current user.

The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user.

Microsoft disclosed this vulnerability following its scheduled monthly Patch Tuesday updates.

Patch Rolled-Out

Microsoft Outlook is a popular application on Android that currently boasts over 100 million installations. This means the bug potentially posed a threat to millions of devices.

This XSS vulnerability first caught the attention of security researcher Rafael Pablos. Microsoft has rolled out a fix for this bug by addressing the way Microsoft Outlook parses specially crafted messages. It has also acknowledged the researcher for this flaw.

To stay protected from potential attacks, users running Microsoft Outlook on their Android devices must update the app.

Researchers from Symantec have also recommended some precautionary steps to follow. These include:

  • Running all software as non-privileged users with minimum permissions
  • Monitoring traffic for suspicious activities
  • Avoiding links from untrusted sources
  • Disabling script code and active content in web browsers



Abeerah Hashim
