Microsoft has released an update for Microsoft Outlook for Android that fixes a spoofing vulnerability in the application that could allow an attacker to compromise the device. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user. Microsoft indicates that this vulnerability is not publicly known and that it has never been exploited, but it has a large user base to target if the app is not updated.
Source: https://www.bleepingcomputer.com/news/microsoft/microsoft-outlook-for-android-gets-spoofing-vulnerability-fix/