Microsoft discovers common vulnerability pattern in multiple popular Android apps

Microsoft on Wednesday disclosed a common vulnerability pattern in multiple popular Android applications, including at least four with more than 500 million installations each. 

This vulnerability could allow a malicious app to overwrite files in the vulnerable application's home directory, potentially leading to arbitrary code execution or the theft of security tokens.

"We identified several vulnerable applications in the Google Play Store that represented over four billion installations. We anticipate that the vulnerability pattern could be found in other applications. As threats across all platforms continue to evolve, industry collaboration among security researchers, security vendors, and the broader security community is essential in improving security for all. Microsoft remains committed to working with the security community to share vulnerability discoveries and threat intelligence to protect users across platforms," the Microsoft Threat Intelligence team wrote in a post.

After discovering this issue, Microsoft notified affected app developers through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR) and worked with them to address the issue. As of February 2024, patches and updates have been issued to mitigate the risk in the impacted applications, Microsoft said, adding that users must keep their devices and applications up to date.

Microsoft further shared its findings with Google's Android Application Security Research team to help Android developers identify and secure against similar vulnerabilities in the future.

For end users, Microsoft strongly advises keeping all mobile applications updated via the Google Play Store or other verified platforms, which ensures that security patches and updates are applied as soon as they are available. Additionally, users who accessed SMB or FTP shares through apps like the Xiaomi application before receiving the updates are recommended to reset their credentials and monitor for any unusual activity to safeguard against potential compromises.

More details about the vulnerability pattern are available in Microsoft's blog post.