Microsoft fixes major vulnerability in Android apps using MSAL

Madalina Dinita
Managing Editor


As it happens every month, the December Patch Tuesday updates are finally here. These updates include a host of new security features and fixes to some of the most important Microsoft Windows features in use.

Additionally, Microsoft revealed several vulnerabilities that it managed to identify and fix along the way.

For example, Microsoft confirms the existence of an Android Information Disclosure Vulnerability through one of its CVE threads.

What is this Android Information Disclosure Vulnerability?

Apparently, Android apps using Microsoft Authentication Library (MSAL) 0.3.1-Alpha or later suffer from an information disclosure vulnerability.

However, it would seem that certain conditions need to be met in order for the vulnerability to be exploited. Unfortunately, if those conditions are met, this vulnerability could result in sensitive data being exposed.

On the flip side, to exploit this vulnerability, an attacker would first need to be authenticated in order to have the right to view the sensitive data.

This latest security update takes care of the matter by modifying how the data is sanitized.

Microsoft did not disclose what kind of information exactly could be exposed, but they went ahead and stated that:

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.

Sensitive information could mean anything from contact details to passwords or credit card info stored on the phone.

Given the importance and sensitivity of this information, the fix for this vulnerability is great news.

If you too want to take advantage of these security features, make sure you install the latest Patch Tuesday updates as soon as they become available.

If you don’t know how to install them, check out this detailed guide for more info.
