The article warns that a flaw in Microsoft Authenticator on iOS and Android could let a malicious app on the same device intercept one-time login codes or sign-in links, which could then be used to access the victim’s accounts. It says the attack is not automatic, because the user would first have to install a harmful app and then accidentally let it handle an authentication link, but the risk is still serious for people who rely on the app for multi-factor authentication, including on work-related BYOD devices. Malwarebytes says Microsoft has already included a fix in current versions of the app, so updating it is the most important step. Until the update is installed, the article recommends avoiding suspicious new apps, checking that sign-in links and QR logins are opened only by trusted apps, and using other trusted MFA options when possible.
