![]() The following month, the company issued a patch for the vulnerability.īecause this flaw also affects Amazon Drive, threat actors could theoretically modify files while erasing a user's history, effectively rendering original content irrecoverable.Įrez Yalon, Checkmarx's vice president of security research, was quoted in an interview with The Record: The researchers from Checkmarx informed Amazon in November 2021. To put it plainly, it's like sending a password over to another app in plain text, the researchers who found the bug explained. In a ransomware scenario, threat actors could steal, delete, and encrypt files and leave affected users with no means to restore them. The Photos app is geared towards the storing, organizing, and sharing photos and videos.ĭue to a misconfiguration of a component in the app, rendering a client's access token severely unprotected, a third-party malicious app could access and use this token. ![]() To date, it has been downloaded more than 50 million times from the Play Store. ![]() That would give attackers access to a trove of information, since many of these APIs contain personal data, such as names, email addresses, and home addresses.Īmazon Photos, previously known as Prime Photos, is a service related to Amazon Drive, the company's cloud storage application. Amazon has patched a flaw in the Amazon Photos app which could have allowed an attacker to steal and use a user's unique access token that verifies their identity across multiple Amazon APIs.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |