Security News > 2019 > June > Microsoft Outlook for Android Open to XSS Attacks

2019-06-21 19:50
A spoofing bug (CVE-2019-1105) can open the door to an email attack chain.
News URL
https://threatpost.com/microsoft-outlook-android-xss/145924/
Related news
- New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint (source)
- Microsoft says button to restore classic Outlook is broken (source)
- Microsoft Exchange Online outage affects Outlook web users (source)
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
- New Android malware uses Microsoft’s .NET MAUI to evade detection (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- Microsoft fixes button that restores classic Outlook client (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-29 | CVE-2019-1105 | Cross-site Scripting vulnerability in Microsoft Outlook A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'. | 5.4 |