CVE-2020-0943: Microsoft YourPhone Application for Android Authentication Bypass Vulnerability

Overview

Severity

N/A

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2020-Apr

Released

2020-04-14

EPSS Score

0.22% (percentile: 44.3%)

Description

An authentication bypass vulnerability exists in Microsoft YourPhoneCompanion application for Android, in the way the application processes notifications generated by work profiles. This could allow an unauthenticated attacker to view notifications. This requires an attacker to have access to the victim's device. The security update addresses the vulnerability by updating the way Microsoft YourPhoneCompanion application for Android processes notifications generated by work profiles.

Affected Products (1)

Apps

• Microsoft Your Phone Companion App for Android

Security Updates (1)

• Release Notes

Acknowledgments

<a href="https://www.linkedin.com/in/matthewlashner/">Matthew Lashner</a>

Revision History

• 2020-04-14: Information published.