A recently discovered vulnerability in Outlook.com has been disclosed that puts users’ data at risk.
The vulnerability, known as CVE-2014-5239, is one where the Outlook.com application for Android fails to validate X.509 certificates from SSL servers. This would allow an attacker using a ïMan-in-the-Middle’ (MITM) attack to spoof servers and obtain sensitive information via a crafted certificate.
Outlook.com Android app versions effected
This effects Outlook.com apps before 220.127.116.11.49.7090. More information on this vulnerability is available through NIST.
Find out if you are vulnerable with viaProtect
The viaProtect mobile security app will notify you of any apps installed on your device that are vulnerable by sending you alerts directly to your device. If you don’t already have viaProtect you can download it using the buttons below.
To find out if your Android smartphone or tablet has a vulnerable version of Outlook.com installed, open your viaProtect app (download links below). On your homepage, click”Security Feed: Vulnerabilities affecting your device”. You will see a notification here if you have the vulnerable version of Outlook.com installed on your device. This alert will have the vulnerability and a recommendation on how to protect your data while using this app.
No notifications in your security feed mean that your device has no vulnerabilities known to viaProtect currently affecting your device.