From thehackernews.com
Microsoft today released an updated version of its “Outlook for Android” that patches an important security vulnerability in the popular email app that is currently being used over 100 million users.
According to an advisory, Outlook app with versions before 3.0.88 for Android contains a stored cross-site scripting vulnerability (CVE-2019-1105) in the way the app parses incoming email messages.
If exploited, remote attackers can execute malicious in-app client-side code on the targeted devices just by sending them emails with a specially crafted message.
“The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user.”