Microsoft 365 Android Apps Account Takeover Vulnerability Impacted Billions of Android Users

A single forgotten development flag left active in production code silently handed Microsoft account tokens to any app on an Android device, exposing billions of users across six major Microsoft 365 apps to account takeover without any interaction or consent. The vulnerability, dubbed FlagLeft, allowed any third-party app on the same Android device to silently request […] The post Microsoft 365 Android Apps Account Takeover Vulnerability Impacted Billions of Android Users appeared first on Cyber Security News.