BetaIT-Hub is in early access — your feedback helps us improve. Use the chat or email [email protected]

News Vulnerability
VulnerabilityThe Hacker News·9h ago

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the same phone could ask for the signed-in user's token and get it, then read email, open files, browse the calendar, and send messages as that user. No password, no login screen, no permission prompt.

Sign in to read the full article

Create a free account to access all news, downloads, and community features

Sign inCreate account

Originally published by The Hacker News

Source: https://thehackernews.com/2026/06/microsoft-365-android-apps-let-any-app.html

This article is shared for informational purposes. All rights belong to the original author and publisher. If you are the copyright holder and would like this content removed, please contact us.

Shared on IT-Hub by admin