Microsoft Closes Vulnerability in Outlook App for Android
Millions of Android devices need a security update for Microsoft's e-mail application.
Microsoft has released an updated version of Outlook for Android. The developers have fixed the vulnerability with a severity classified as Important.
A remote, authenticated attacker could exploit the vulnerability to perform cross-site scripting attacks on vulnerable systems and execute arbitrary scripts in the security context of the current user.
Microsoft's published Security Update note (CVE-2019-1105) delivers details for the vulnerability. It can be exploited by prepared e-mail messages. The available update made changes the way such messages are parsed and thus eliminates the possibility of attack.
The new Outlook for Android version 3.0.88 is available in the Play Store and protects against these attacks.
If you are using the Outlook app on your Android device, you can update it manually. Microsoft's will roll out the update automatically within the next few days.
The iOS version of the Outlook app is not affected according to Microsoft.