TechSecInfo

The tech + cyber briefing: what happened, why it matters, and where it came from.

Cyber Security

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

By rooter

A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps.

Any other app on the same phone could ask for the signed-in user’s token and get it, then read email, open files, browse the calendar, and send messages as that user. No password, no login screen, no permission prompt.

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

By rooter

Related Post

Cyber Security

Attackers Use AI to Automate EDR Evasion Testing

rooter
Cyber Security

AI Found Your Weaknesses. Let’s Fix Them First.

rooter
Cyber Security

Tropical Blend: Cyber & Politics Ramp Up Across Latin America

rooter

Leave a Reply

You Missed

News

Nintendo confirms it will sell a new Switch 2 with replaceable battery in the EU

News

Microsoft, Atom Computing, EeroQ update their quantum computing progress

News

Google ordered to put clearer links in AI search and let UK publishers opt out

News

Dashlane issues opaque advisory warning 20 encrypted vaults were stolen