Security News > 2022 > June > Amazon fixes high-severity vulnerability in Android Photos app
Amazon Photos is an image and video storage application that enables users to seamlessly share their snaps with up to five family members, offering powerful management and organization features.
Exploiting this bug could have enabled a malicious app installed on the same device to snatch Amazon access tokens used for Amazon APIs authentication.
These APIs might contain sensitive personal information like full name, email, and physical address, while others like the Amazon Drive API hold user files.
The same token might be used by other Amazon APIs, like Prime Video, Alexa, Kindle, etc.
Checkmarx reported the issue to Amazon on November 7, 2021, and the internet giant confirmed the reception the next day, classifying it as a high-severity vulnerability.
On December 18, 2021, Amazon informed Checkmarx that they had resolved the issues via a security update deployed into production.