Security News > 2022 > June > Amazon fixes high-severity vulnerability in Android Photos app
Amazon Photos is an image and video storage application that enables users to seamlessly share their snaps with up to five family members, offering powerful management and organization features.
Exploiting this bug could have enabled a malicious app installed on the same device to snatch Amazon access tokens used for Amazon APIs authentication.
These APIs might contain sensitive personal information like full name, email, and physical address, while others like the Amazon Drive API hold user files.
The same token might be used by other Amazon APIs, like Prime Video, Alexa, Kindle, etc.
Checkmarx reported the issue to Amazon on November 7, 2021, and the internet giant confirmed the reception the next day, classifying it as a high-severity vulnerability.
On December 18, 2021, Amazon informed Checkmarx that they had resolved the issues via a security update deployed into production.
News URL
Related news
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
- Amazon confirms employee data exposed in leak linked to MOVEit vulnerability (source)