A coding error in Microsoft 365's Android apps, including Word, Excel, and PowerPoint, has exposed user accounts to potential takeover due to a disabled security setting. Researchers at Enclave found that a debug setting was mistakenly enabled, which allowed unauthorized apps to access Microsoft authentication tokens. This oversight could let attackers read emails, send messages, and access other data across Microsoft services.
Enclave disclosed the issue to Microsoft, which issued updates for multiple vulnerabilities. The incident highlights the importance of rigorous coding practices to ensure security in interconnected applications.