CVE-2020-0654: Microsoft OneDrive for Android Security Feature Bypass Vulnerability

Overview

Severity

N/A

Category

Security Feature Bypass

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2020-Jan

Released

2020-01-14

EPSS Score

11.93% (percentile: 93.7%)

Description

A security feature bypass vulnerability exists in Microsoft OneDrive App for Android. This could allow an attacker to bypass the passcode or fingerprint requirements of the App. The security update addresses the vulnerability by correcting the way Microsoft OneDrive App for Android handles sharing links.

FAQ

How do I get the update for OneDrive for Android? Tap the Google Play icon on your home screen. Swipe in from the left edge of the screen. Tap My apps & games. Tap the Update box next to the OneDrive app. Is there a direct link on the web? Yes: https://play.google.com/store/apps/details?id=com.microsoft.skydrive&hl=en_US

Affected Products (1)

Microsoft Office

• OneDrive for Android

Security Updates (1)

• Release Notes

Acknowledgments

Pitawat Nantamanop

Revision History

• 2020-01-14: Information published.