"Amazon Quietly Patches 'High Severity' Android Photos App Vulnerability"
Researchers at cybersecurity firm Checkmarx alerted Amazon in December to a high severity vulnerability affecting the Amazon Photos Android app. The app contained a flaw that allowed attackers to steal a user's Amazon access token, which is required for authentication across several Amazon Application Programming Interfaces (APIs). These APIs contain personal information such as names, emails, addresses, and more. Some, such as the Amazon Drive API, would grant an attacker complete access to a user's files. The Amazon Photos Android app had been downloaded more than 50 million times before a patch for the vulnerability was made available on December 18. The team discovered a number of issues with the app's various components, finding that if a malicious app had been installed, an Android user's Amazon access token could have been taken, leaving them open to ransomware or worse. With a stolen access token, an attacker could change files while erasing user history, making it impossible to restore the original content from file history. This article continues to discuss the potential exploitation and impact of the high severity vulnerability found in the Amazon Photos Android app.
The Record reports "Amazon Quietly Patches 'High Severity' Android Photos App Vulnerability"