
Outlook for Android security vulnerability.


November 25, 2019

Security vulnerabilities are ever-looming threats in the digital world. The recent revelation surrounding Microsoft’s Outlook for Android app brings the significance of timely updates and vigilance into sharp focus.

Understanding the Vulnerability

The Cross-Site Scripting (XSS) Threat

An identified bug, CVE-2019-1460, exposes systems using the Microsoft Outlook for Android app to XSS attacks. Cross-Site Scripting is a sophisticated exploit in which malicious actors inject client-side scripts into web pages, so that a user’s browser treats the script as though it originated from a reputable source.

The Exploitation Mechanism

In this specific scenario, the vulnerability arises from the way the Microsoft Outlook for Android software processes certain email messages. An attacker can exploit it by sending a specially crafted email. According to Czech firm Cybersecurity Help, the vulnerability is due to the lack of adequate sanitisation of user-provided data.

However, there’s a limitation. To execute this attack, an adversary must be authenticated on the same network as the prospective victim.

Possible Repercussions

Exploiting this vulnerability allows for a range of malicious activities. Symantec indicates that spoofing attacks become feasible for attackers. Moreover, Cybersecurity Help points out that it provides opportunities for attackers to extract potentially confidential information, modify the appearance of web pages, and engage in phishing and drive-by-download attacks.


Mitigating the Risk

Immediate Action Steps

All users of the Outlook for Android app should promptly check for the latest version and ensure their app is updated. If auto-updates haven’t taken place, it’s essential to update the app manually.

Additional Precautions

Beyond the software update, Symantec emphasises the importance of running the software in a non-privileged mode, ensuring that the software has only minimal access rights.

This vulnerability was identified and reported by researcher Rafael Pablos. On the CVSS v3 vulnerability rating scale, it is rated 5.6 out of 10 for severity, and Microsoft categorises it as an “important” vulnerability.

Protecting your digital landscape is a continuous endeavour. Stay informed and remain vigilant.
