MobileThe Hacker News3 days ago

Microsoft 365 Android Apps Leak Tokens via Debug Flag

1 min read

A debug flag in Microsoft 365 Android apps allows any app to steal account tokens. The flaw, named FlagLeft, exists in Word, PowerPoint, Excel, Copilot, Loop, and OneNote. It skips authentication checks, letting third-party apps access email, files, calendar, and messages without prompts. Microsoft patched it with four CVEs on May 12 and users must update apps. The issue stems from a single line in a shared SDK set to true in production.

Level

Hype check

Tap to vote and see what everyone thinks.

#microsoft #android #security

Read full story

More to chew on!

Mobile2 days ago

Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover

Mobile4 days ago

One Line of Code Exposed Billions of Microsoft Android App Downloads