Microsoft’s Warning: The “Dirty Stream” Attack on Android Apps. Here is what we know

Microsoft has recently issued a warning about a novel attack, dubbed the “Dirty Stream”, which is impacting Android apps. This attack could allow malicious Android apps to overwrite files in another application’s home directory. The potential consequences of this attack are severe, including arbitrary code execution and secrets theft.

Uncovering the Vulnerability

Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications. This vulnerability could enable a malicious application to overwrite files in the vulnerable application’s home directory. The implications of this vulnerability pattern include arbitrary code execution and token theft.

Arbitrary code execution can provide a threat actor with full control over an application’s behavior. Meanwhile, token theft can provide a threat actor with access to the user’s accounts and sensitive data.

The Scope of the Problem

Microsoft identified several vulnerable applications in the Google Play Store that represented over four billion installations. They anticipate that the vulnerability pattern could be found in other applications.

Mitigation and Prevention

After discovering this issue, Microsoft notified application developers through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR) and worked with them to address the issue. They would like to thank the Xiaomi, Inc. and WPS Office security teams for investigating and fixing the issue.

As of February 2024, fixes have been deployed for the aforementioned apps, and users are advised to keep their device and installed applications up to date. Recognizing that more applications could be affected, Microsoft acted to increase developer awareness of the issue by collaborating with Google to publish an article on the Android Developers website.

Conclusion

In conclusion, the “Dirty Stream” attack is a serious threat to Android apps. Microsoft’s discovery and subsequent actions demonstrate their commitment to improving security for all. As threats across all platforms continue to evolve, industry collaboration among security researchers, security vendors, and the broader security community is essential in improving security for all.

You think you have a story worth everyone’s time? SUBMIT A STORY and we will publish it.