TechMicrosoft finds 'Dirty Stream' flaw in Android apps with 4B downloads

Microsoft finds 'Dirty Stream' flaw in Android apps with 4B downloads

Microsoft has uncovered a significant vulnerability within Android applications, impacting apps that have collectively been downloaded billions of times from the Google Play Store.

Smartphone with Android
Smartphone with Android
Images source: © Adobe Stock

9:33 AM EDT, May 5, 2024

According to the Redmond-based tech giant, a grave security flaw has been identified, affecting several popular applications downloaded over four billion times from the Google Play store.

The vulnerability, dubbed "Dirty Stream," targets the Android system's ContentProvider tool, which facilitates file sharing among installed applications. The critical issue arises from the potential to exploit this flaw by overwriting important files in the home directory.

This vulnerability could lead to severe consequences, such as the compromise of login information or other sensitive data and even complete loss of control or access to the affected application.

"We have pinpointed several apps in the Google Play store, collectively surpassing four billion installations, that are susceptible to this vulnerability. We believe similar vulnerabilities may exist in other apps. In sharing this research, we intend to encourage developers and publishers to scrutinize their apps for such vulnerabilities, rectify them if found, and avert them in future app developments or updates," stated Microsoft in their announcement.

Which specific apps are affected? Microsoft specifies two vulnerable apps that have since been patched: Xiaomi Inc.'s File Manager, with over one billion downloads, and WPS Office, with over 500 million installations.

Related content
© essanews.com
·

Downloading, reproduction, storage, or any other use of content available on this website—regardless of its nature and form of expression (in particular, but not limited to verbal, verbal-musical, musical, audiovisual, audio, textual, graphic, and the data and information contained therein, databases and the data contained therein) and its form (e.g., literary, journalistic, scientific, cartographic, computer programs, visual arts, photographic)—requires prior and explicit consent from Wirtualna Polska Media Spółka Akcyjna, headquartered in Warsaw, the owner of this website, regardless of the method of exploration and the technique used (manual or automated, including the use of machine learning or artificial intelligence programs). The above restriction does not apply solely to facilitate their search by internet search engines and uses within contractual relations or permitted use as specified by applicable law.Detailed information regarding this notice can be found  here.