amazon-quietly-patches-'high-severity'-vulnerability-in-android-photos-app

Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

Amazon Quietly Patches 'High Severity' Vulnerability in Android Photos App

Amazon, in December 2021, patched a high severity vulnerability affecting its Photos app for Android that could have been exploited to steal a user’s access tokens.

“The Amazon access token is used to authenticate the user across multiple Amazon APIs, some of which contain personal data such as full name, email, and address,” Checkmarx researchers João Morais and Pedro Umbelino said. “Others, like the Amazon Drive API, allow an attacker full access to the user’s files.”

The Israeli application security testing company reported the issue to Amazon on November 7, 2021, following which the tech giant rolled out a fix on December 18, 2021.

The leak is the result of a misconfiguration in one of the app’s components named “com.amazon.gallery.thor.app.activity.ThorViewActivity” that’s defined in the AndroidManifest.xml file and which, when launched, initiates an HTTP request with a header containing the access token.

In a nutshell, it means that an external app could send an intent — a message to facilitate communication between apps — to launch the vulnerable activity in question and redirect the HTTP request to an attacker-controlled server and extract the access token.

Calling the bug a case of broken authentication, the cybersecurity company said the issue could have enabled malicious apps installed on the device to grab the access tokens, granting the attacker permissions to make use of the APIs for follow-on activities.

This could vary from deleting files and folders in Amazon Drive to even exploiting the access to stage a ransomware attack by reading, encrypting, and re-writing a victim’s files while erasing their history.

Checkmarx further noted that the vulnerability might have had a broader impact given that the APIs exploited as part of its proof-of-concept (PoC) constitute only a small subset of the entire Amazon ecosystem.


Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.

Related News

Schoolyard Bully Malware Stealing Facebook Credentials on Android

Schoolyard Bully Malware Stealing Facebook Credentials on Android

Mobile security company Zimperium’s zLabs has released a warning about a notorious Android trojan that has stolen around 300,000 credentials…
8 Reasons Why Enterprises Use Java

8 Reasons Why Enterprises Use Java

Java is one of the most well-known programming languages and software platforms that is used on countless devices such as…
360m Alleged WhatsApp Records Shared Freely on Telegram and Dark Web

360m Alleged WhatsApp Records Shared Freely on Telegram and Dark Web

Previously we covered the news of a database containing 487 million up-to-date WhatsApp user records from 84 countries being sold…