SIX Microsoft 365 Android apps, including Word, PowerPoint, and Excel, were found to have a serious security flaw due to a debug flag left enabled in production code. This oversight could allow attackers to exploit these apps and access sensitive user tokens improperly shared with unauthorized Android applications. The vulnerability was reported by Enclave, which stated that the debug mode change compromised account access protections.
Microsoft confirmed the issues and subsequently issued patches for the affected apps. This flaw potentially impacts billions of downloads, allowing malicious entities to obtain Microsoft account data, including personal emails and documents.