© Unsplash/Daniel Romero
Microsoft explains on its security blog that a major flaw affects billions of Android smartphones around the world. The problem actually lies in the misuse of a system component by some application developers. Very concretely, the data and memory space of each Android application are isolated by default from other applications, and more broadly from the rest of the smartphone's internal memory.
However, developers may require more extensive memory access to access data from other applications, such as photos or documents. To make this possible, the Android SDK provides a “class” special – in other words a piece of code allowing these accesses to be secured. This class, FileManager, is, when used correctly, the best way to allow access to files outside the application directory while maintaining some isolation between them. .
Leading Android applications are affected
The firm explains: “This content provider-based model provides a well-defined file sharing mechanism, allowing a server application to share its files with other applications securely and with fine-grained control. However, we have frequently encountered cases where the consuming application does not validate the contents of the file it receives. Enough to allow access to very sensitive data.
But that's not all: “even more worrying, it uses the file name provided by the’ server application to cache the received file in the internal data directory of the consuming application. If the serving application implements its own malicious version of FileProvider, it might be able to cause the consuming application to overwrite critical files.”
Enough to allow opportunistic malware to take advantage of applications where FileManager has been poorly implemented to carry out an attack without triggering an alert. Microsoft says it discovered the problem in at least four top apps, with more than 500 million downloads. In particular the File Manager application from Xiaomi and WPS Office (Kingsoft. Patches are already being deployed.
Google should partially plug the flaw in a next patch of the Android system Developers are asked to follow the latest instructions which have just been updated thanks to Microsoft's discovery. If you have an Android smartphone, it is recommended to update your applications. and quickly install the next available security patch.
- A major security flaw affects smartphones Android.
- This mainly lies in a poor implementation of a system component linked to secure access to portions of the disk in certain applications.
- A handful of popular apps are affected.
- Users are advised to regularly update their apps as well as the Android operating system, while fixes are emerging.
📍 To not miss any news from Presse-citron, follow us on Google News and WhatsApp.
[ ]