The vulnerable apps in question have since been patched by their respective developers, as we have noted in an update to this post. Additionally, we updated the headline to clarify that the apps themselves are safe and don't require removal. When we find out more, we'll update this story.
A recently found significant security flaw on Android called "Dirty Stream" has Microsoft warning about it since it allows rogue apps to easily take control of legal apps. Even worse, this bug affects some programs that have received hundreds of millions of installs. Here's what you need know to protect your data if you own one of the top Android phones.
The way the Dirty Stream vulnerability manipulates this system is what makes it so cunning. Microsoft has discovered that in order to get around these security protections, hackers can develop "custom intents," which are messaging objects that help components communicate with one another across Android apps. Through the use of a custom intent, malicious apps can use this vulnerability to deliver a file with a modified filename or path to another app, introducing malicious code under the guise of normal files.
From there, a hacker might deceive a weak app into replacing important files in its secret storage area, with potentially disastrous outcomes. According to BleepingComputer, Dirty Stream basically transforms a standard OS-level function into a weaponized instrument that may run illegal code, steal information, and even take control of an application when the user is not there.
