Dropbox SDK vulnerability puts billions of Office files at risk

Status
Not open for further replies.

Rus Anca

Level 25
Thread author
Verified
Jun 18, 2014
1,403
Dropbox SDK vulnerability puts billions of Office files at risk

A flaw in the Dropbox SDK for Android could potentially put large numbers of MS Office files stored in the cloud at risk.

IBM's X-Force Application Security Research team has discovered a severe vulnerability in Dropbox's software development kit (SDK) used by Android app developers to connect to Dropbox so users can tap into their files via an app.

The biggest app that uses the Dropbox SDK is Microsoft Office Mobile, which is reckoned to host over 35 billion files on Dropbox for users. Microsoft Office Mobile which likely holds sensitive information has been downloaded more than 10 million times. Additionally, password manager AgileBits 1Password (100,000 downloads) plus several productivity and photo editing and sharing tools use the same SDK.

The vulnerability may affect any Android app that uses the Dropbox SDK Version 1.5.4 and above. It can be exploited both locally by using malware and remotely by using drive-by techniques to install a compromised app allowing the hacker access to Dropbox files. It cannot, however, be exploited if the Dropbox app is installed on the device.



More info you can found here:http://securityintelligence.com/dro...-in-the-dropbox-sdk-for-android/#.VQAmn_ysXqU
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top