HomeWinBuzzer NewsMicrosoft Fixes Outlook for Android Bug That Enabled Cross Site Scripting

Microsoft Fixes Outlook for Android Bug That Enabled Cross Site Scripting

A cross-site scripting vulnerability in Outlook for Android could let attackers on the same network run harmful scripts.


has rolled out a fix for a Medium severity Outlook for Android bug that could enable spoofing at cross-site scripting (XSS). According to an advisory for CVE-2019-1460, the issues lies in how Outlook parses emails.

“An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim,” explained Microsoft. “The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user.”

XSS works by injecting scripts into a user's webpages to trick the PC into believing they come from a trusted source. The Outlook vulnerability was found by security researcher Rafael Pablos.

Microsoft says the bug hasn't been exploited in the wild and considers it not publically disclosed. However, now that it's out in the open, it' s a good idea to update your app. Though there's no proof of concept, attackers could find the bug now that they know where to look and can compare versions.

Thankfully, a criminal looking to exploit the vulnerability would have to be on the same network as the user. Given the wide use of phones on public WiFi, that's not an insignificant risk, but at least you're safe if you never leave the house.

Either way, the issue should be remedied in Outlook for 4.0.65+, which you can grab from the Play Store.

Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News