Microsoft has addressed a serious security vulnerability that was found in its Outlook for Android app. In its security advisory, the tech giant mentions that older versions prior to 3.0.88 of Outlook for Android carries a spoofing vulnerability that could permit attackers to conduct cross-site scripting (XSS) on devices with the app installed. Microsoft says that the flaw was the result of an issue with email parsing.
No attacks reported
The vulnerability, which was discovered by many independent security researchers, was found to have not been abused by an attacker. As of now, no attacks were reported related to this XSS flaw.
Security concerns in email clients
Over the past few months, a host of serious vulnerabilities were discovered in popular email clients such as Thunderbird, Apple Mail, iOS Mail, as well as in Outlook. In fact, security researchers found that these clients could be easily compromised with a range of attacks that also included spoofing. All of this is an indication of how the aspect of security in email clients has become a growing concern.