Impact
The Nextcloud News for Android app has a security issue by which a malicious application installed on the same device can send it an arbitrary Intent that gets reflected back, unintentionally giving read and write access to non-exported Content Providers in Nextcloud News for Android.
Patches
Users should upgrade to version 0.9.9.63 or higher as soon as possible.
References
Fix commit: 05449cb.
For more information
Please have a look at the vulnarability report provided by the GitHub Security Lab team here.
If you have any questions or comments about this advisory:
atorralba Analyst
kevinbackhouse Analyst
Impact
The Nextcloud News for Android app has a security issue by which a malicious application installed on the same device can send it an arbitrary Intent that gets reflected back, unintentionally giving read and write access to non-exported Content Providers in Nextcloud News for Android.
Patches
Users should upgrade to version 0.9.9.63 or higher as soon as possible.
References
Fix commit:
05449cb.For more information
Please have a look at the vulnarability report provided by the GitHub Security Lab team here.
If you have any questions or comments about this advisory: