Microsoft has patched a vulnerability in Microsoft Outlook for Android software. The vulnerability is a spoofing vulnerability that exists in the way Outlook parses crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The software giant’s security update addresses the bug by ensuring that Outlook now parses those specially crafted emails correctly. Users should update their applications as soon as possible, Microsoft said. Last year, a vulnerability (CVE-2018-0950) was found that would allow hackers to steal a user s Windows password just by having the target preview an email with a.
Source: https://threatpost.com/microsoft-outlook-android-xss/145924/

