Broken Authentication Vuln Threatens Amazon Photos Android App


A high-severity flaw in the Amazon Photos Android app, which has more than 50 million downloads, could allow attackers to steal a user's Amazon access token and use it to access multiple Amazon APIs.

The team at Checkmarx alerted Amazon to the broken authentication vulnerability in the Amazon Photos app for Android, which allows users to share, print, and store mobile photos.

The analysts said the bug is due to a component misconfiguration in the app's manifest file.

"Whenever this activity is launched, it triggers an HTTP request that carries a header with the customer's access token," the team said. After receiving the request, the analysts found they could also gain control of the server.

The report added that, "with all these options available for an attacker, a ransomware scenario was easy to come up with as a likely attack vector. A malicious actor would simply need to read, encrypt, and re-write the customer’s files while erasing their history."

To protect themselves, users should update to the latest version of the app. Checkmarx researchers said that downloads made before Dec. 18 are affected if users haven't updated the app since then.
