Broken Authentication Vuln Threatens Amazon Photos Android App

Published: 23/11/2024   Category: security




The now-patched bug allows an attacker to gain full access to a user's Amazon files.



A high-severity flaw in the Amazon Photos Android App — which has more than 50 million downloads — could allow attackers to steal a user's Amazon access token and use it to access multiple Amazon APIs.
The team at Checkmarx alerted Amazon to the broken authentication vulnerability in the Amazon Photo App for Android, which allows users to share, print, and store mobile photos.
The analysts said the bug is due to a component misconfiguration in the app's manifest file.
Whenever this activity is launched, it triggers an HTTP request that carries a header with the customer's access token, the team said. After receiving the request, the analysts found they could also gain control of the server.
The report added that, with all these options available for an attacker, a ransomware scenario was easy to come up with as a likely attack vector. A malicious actor would simply need to read, encrypt, and re-write the customer’s files while erasing their history.
To protect themselves, users should update to the latest version of the app. Checkmarx researchers said that downloads made before Dec. 18 are affected if users haven't updated the app since then.
