Microsoft finds 'Dirty Stream' flaw in Android apps with 4B downloads
Microsoft has uncovered a significant vulnerability within Android applications, impacting apps that have collectively been downloaded billions of times from the Google Play Store.
9:33 AM EDT, May 5, 2024
According to the Redmond-based tech giant, a grave security flaw has been identified, affecting several popular applications downloaded over four billion times from the Google Play store.
The vulnerability, dubbed "Dirty Stream," concerns Android's ContentProvider component, which facilitates file sharing among installed applications. The critical issue is that the flaw can be exploited to overwrite important files in the affected application's home directory.
This vulnerability could lead to severe consequences, such as the compromise of login information or other sensitive data and even complete loss of control or access to the affected application.
"We have pinpointed several apps in the Google Play store, collectively surpassing four billion installations, that are susceptible to this vulnerability. We believe similar vulnerabilities may exist in other apps. In sharing this research, we intend to encourage developers and publishers to scrutinize their apps for such vulnerabilities, rectify them if found, and avert them in future app developments or updates," stated Microsoft in their announcement.
Which specific apps are affected?
Microsoft specifies two vulnerable apps that have since been patched: Xiaomi Inc.'s File Manager, with over one billion downloads, and WPS Office, with over 500 million installations.
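For developers reviewing apps that accept shared files, the following is an added example (not code from Microsoft, the affected apps, or this article) of the kind of check that keeps an incoming file inside the app's cache directory. It assumes the receiving app builds the destination path from a file name supplied by the sharing app; the class name, method names and sample file names are hypothetical.

```java
import java.io.File;
import java.io.IOException;
import java.util.UUID;

// Added illustration; class and method names are hypothetical.
public class IncomingShareTarget {

    // Unsafe pattern: the destination is built directly from a name the
    // sending app controls, so "../" segments can leave the cache directory.
    static File unsafeDestination(File cacheDir, String suppliedName) {
        return new File(cacheDir, suppliedName);
    }

    // Hardened pattern: resolve the canonical path and require that it stays
    // inside the cache directory; otherwise fall back to a generated name.
    static File safeDestination(File cacheDir, String suppliedName) throws IOException {
        File base = cacheDir.getCanonicalFile();
        String name = (suppliedName == null) ? "" : suppliedName;
        File candidate = new File(base, name).getCanonicalFile();
        boolean inside = candidate.getPath().startsWith(base.getPath() + File.separator);
        if (!inside || candidate.isDirectory()) {
            return new File(base, "incoming-" + UUID.randomUUID());
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout standing in for an app's private storage.
        File home = new File(System.getProperty("java.io.tmpdir"), "demo-app-home");
        File cache = new File(home, "cache");
        cache.mkdirs();

        // Constructed sample names: one ordinary, one that climbs out of cache/.
        String[] names = { "report.pdf", "../other-file.txt" };
        for (String name : names) {
            File unsafe = unsafeDestination(cache, name).getCanonicalFile();
            File safe = safeDestination(cache, name);
            System.out.printf("%-20s unsafe -> %s%n", name, unsafe);
            System.out.printf("%-20s safe   -> %s%n", name, safe);
        }
    }
}
```

Running it shows the second name resolving outside `cache/` under the unsafe pattern, while the hardened method replaces it with a generated name inside `cache/`.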