Dropbox has issued a fix to its SDK after IBM security researchers found a vulnerability that means Android apps using Dropbox for storage built with an older version of its SDK are vulnerable to data stealing attacks.
IBM’s application security research team has found a way to link their own Dropbox account to an Android app on another person’s phone that connects to the storage service. After a successful attack, any data uploaded by the app is delivered to the attacker’s Dropbox account.
Leave a reply
