Microsoft has highlighted a novel attack dubbed "Dirty Stream," which could allow malicious Android apps to overwrite files in another application's home directory, potentially leading to arbitrary code execution and secrets theft.
Dirty Stream allows malicious apps to send a file with a manipulated filename or path to another app using a custom intent. The target app is misled into trusting the filename or path and executes or stores the file in a critical directory.
Couldn't Android filter these names so they can't contain a path?
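The receiving-side check that the attack description implies, as an added example that is not part of the original post or any vendor's code. It uses plain `java.io` rather than Android APIs; the class and method names are hypothetical, and a directory under the system temp dir stands in for the target app's cache directory on a Unix-like file system.

```java
import java.io.File;
import java.io.IOException;
import java.util.UUID;

public class IncomingFileName {
    // Pattern the article describes: the sender's name is joined to the directory as-is.
    static File trustingTarget(File cacheDir, String suppliedName) {
        return new File(cacheDir, suppliedName);
    }

    // Hardened: keep only the last path segment, fall back to a generated name,
    // then confirm the canonical result is still under cacheDir.
    static File checkedTarget(File cacheDir, String suppliedName) throws IOException {
        String name = suppliedName == null ? "" : new File(suppliedName).getName();
        if (name.isEmpty() || name.equals(".") || name.equals("..")) {
            name = UUID.randomUUID().toString();
        }
        File target = new File(cacheDir, name);
        if (!isInside(cacheDir, target)) {
            throw new IOException("rejected name: resolves outside " + cacheDir);
        }
        return target;
    }

    // True only if f resolves (symlinks and ".." included) to a path below dir.
    static boolean isInside(File dir, File f) throws IOException {
        String base = dir.getCanonicalPath() + File.separator;
        return f.getCanonicalPath().startsWith(base);
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for the receiving app's cache directory.
        File cacheDir = new File(System.getProperty("java.io.tmpdir"), "demo_app/cache");
        if (!cacheDir.isDirectory() && !cacheDir.mkdirs()) {
            throw new IOException("cannot create " + cacheDir);
        }
        // Constructed sample names, as a sending app might report them.
        String[] names = {"report.pdf", "../shared_prefs/settings.xml", ".."};
        for (String n : names) {
            File trusting = trustingTarget(cacheDir, n);
            File checked = checkedTarget(cacheDir, n);
            System.out.printf("%-30s trusting stays inside: %-5b checked: %s%n",
                    n, isInside(cacheDir, trusting), checked.getName());
        }
    }
}
```

The name here comes from the sending app rather than from the platform, so the check has to live in the receiving app's own code.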