From thehackernews.com
As we reported two days ago, Microsoft this week released an updated version of its Outlook app for Android that patches a severe remote code execution vulnerability (CVE-2019-1105) that impacted over 100 million users.
However, at that time, very few details of the flaw were available in the advisory, which just revealed that the earlier versions of the email app contained a cross-site scripting (XSS) flaw that could allow attackers to run scripts in the context of the current user just by sending a specially crafted email to the victims.