CVE-2022-24480: Outlook for Android Elevation of Privilege Vulnerability

Overview

Severity
Medium (CVSS 6.3)
CVSS Vector
CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Category
Elevation of Privilege
Exploit Status
Not Exploited
Exploitation Likelihood
Less Likely
Patch Tuesday
2022-Dec
Released
2022-12-13
Last Updated
2023-04-14
EPSS Score
0.94% (percentile: 76.2%)

FAQ

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to physically access the target device. To gain access, an attacker must either acquire the device after a legitimate user has unlocked it (target of opportunity) or be able to pass the device's authentication or password protection mechanisms.

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Modern mobile devices include authentication or password protection mechanisms which an attacker must be able to satisfy before gaining access to the target device.

What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker with physical access to an unlocked device could bypass the application's biometric authentication, which effectively disables the application lock and gives the attacker full access to the application.

Is the update for Microsoft Outlook for Android listed in this vulnerability currently available?
The security update for Microsoft Outlook for Android is not immediately available. The update will be released as soon as possible, and when it is available, customers will be notified via a revision to this CVE information.

Affected Products (1)

Apps

  • Microsoft Outlook for Android

Security Updates (1)

Acknowledgments

Eugene, Andr.Ess

Revision History

  • 2022-12-13: Information published.
  • 2022-12-15: Added FAQ to explain that the security update for Outlook for Android is not immediately available, and that customers will be notified via a revision to the CVE when the update is available.
  • 2023-01-17: Microsoft is announcing the availability of the security update for Microsoft Outlook for Android. Customers running Outlook for Android should install the update for their product to be protected from this vulnerability. See the Security Updates table for the download link. Customers whose devices are configured to receive automatic updates do not need to take any further action.
  • 2023-04-14: Added FAQ information. This is an informational change only.