Microsoft Authenticator: Critical vulnerability allows token theft

Alert News


Microsoft warns of a security vulnerability in Authenticator. Attackers can intercept sign-in tokens and gain access.

In Microsoft's Authenticator, attackers can exploit a critical security vulnerability to obtain sign-in tokens, enabling unauthorized access to resources. Updated apps are available. broadly discusses the issue.

Sensitive information can fall into the hands of unauthorized actors as Microsoft Authenticator exposes information to attackers over the network. In the FAQ, Microsoft explains that the vulnerability can reveal the sign-in token for users' work accounts. This allows unauthorized individuals to access data and services that the user account is permitted to access, potentially including sensitive company information. To exploit the vulnerability, attackers must trick a victim into interacting with a legitimate-looking malicious request.

Once users confirm the request, attackers can trick the app into requesting access tokens on behalf of the users to deliver them to a service under the attackers' control. Affected users do not receive clear information about what access has been granted.

However, NIST, in its NVD entry, only assigns a risk of “Updated versions of Microsoft's Authenticator are available in the respective app stores. On Android, version 6.2605.2973 and newer resolve the issue, while on iOS, software version 6.8.47 and later does. Those who have enabled automatic app updates for their mobile operating system will receive the update automatically.

Users who have disabled this must open the Google Play Store or the iOS App Store and download and install the updated apps there. further states that the vulnerability has not yet been exploited. No exploit is publicly available yet.

Nevertheless, users of Microsoft Authenticator should ensure they are using the current version. The Authenticator displays the current version in the app menu under “Help,” then further down under “About” - “Application version.”
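For administrators who need to check many devices rather than one, the version comparison above can be run over a device inventory. The following is an added example, not part of the original article or any Microsoft tooling; the CSV layout, column names and device names are assumptions, and the sample rows are constructed. Only the two fixed version numbers come from the article.

```python
import csv
import io

# Fixed versions as stated in the article, per platform.
FIXED = {"android": (6, 2605, 2973), "ios": (6, 8, 47)}

# Constructed sample inventory (hypothetical MDM export format).
SAMPLE_CSV = """device,platform,authenticator_version
pixel-8-a,Android,6.2605.2973
pixel-7-b,Android,6.2604.2700
iphone-15-c,iOS,6.8.47
iphone-13-d,iOS,6.8.9
galaxy-e,Android,6.2606.10
ipad-f,iOS,
kiosk-g,Windows,1.0.0
"""


def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory row."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unlisted platform or unreadable version: check by hand
    # Tuple comparison is numeric per component, so 6.8.9 sorts below 6.8.47.
    return "patched" if version >= fixed else "vulnerable"


def audit(csv_text):
    """Map each device name to its classification."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["device"]: classify(r["platform"], r["authenticator_version"]) for r in rows}


if __name__ == "__main__":
    for device, status in audit(SAMPLE_CSV).items():
        print(f"{device}: {status}")
```

Comparing the versions as strings would wrongly rank 6.8.9 above 6.8.47, which is why each component is parsed as an integer first.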


heise_de /  🏆 20. in DE
