In a blog post published by the company, it has revealed that it discovered a vulnerability pattern in multiple Android applications that can give a cybercriminal full control over how an app behaves. In addition to that, it can even give threat actors access to a victim’s account and sensitive info.
The vulnerability identified by Microsoft centers around the improper implementation of app isolation, which can allow a malicious app to trick another app into overwriting important files.
Microsoft notified application developers about the flaw after discovering it and worked with them to fix the problem. Two of the apps mentioned in the report include Xiami’s File Manager, which was installed more than a billion times, and WPS Office, which was downloaded over 500 million times. The issues found in these apps were addressed in February and if you have them on your phone, you are advised to ensure that your device and apps are up to date.
If the app in question provides the option to connect to remote file shares using the FTP and SMB protocols, as is the case with Xiaomi’s File Manager, the impact can extend beyond the victim’s mobile device. That’s why, users of Xiaomi’s File Manager should ideally reset credentials and keep an eye out for any anomalous behavior.
For Android users worried about vulnerabilities like this, Microsoft says that they should always have the latest version of apps running on their phones and only download apps from trusted sources.