SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Microsoft Warns of ‘Dirty Stream’ Vulnerability in Popular Android Apps

Microsoft has uncovered a new type of attack called Dirty Stream that impacted Android apps with billions of installations. 

Microsoft is warning Android application users and developers about a recently uncovered attack method that can allow threat actors to take control of apps and obtain sensitive data.

The issue has been named Dirty Stream and described by the tech giant as a vulnerability pattern related to path traversal. The company disclosed the details of Dirty Stream this week, focusing on its impact on the Xiaomi File Manager and WPS Office applications, which collectively have more than 1.5 billion installs from Google Play. 

Microsoft identified several impacted applications, which have a total of four billion installations, but the company believes the vulnerability pattern could be present in other Android apps as well. 

The issue is related to a data and file sharing mechanism on Android, specifically the content provider component and its ‘FileProvider’ class, which enables file sharing between installed applications. Improperly implementing this mechanism can introduce potentially serious vulnerabilities.

Microsoft discovered that malicious applications could leverage the Dirty Stream technique to overwrite files in the targeted application’s home directory, which can lead to arbitrary code execution and token theft. 

Being able to execute arbitrary code enables the attacker to gain full control of the targeted app’s behavior, while token theft can allow the hacker to access user accounts and sensitive data.

Advertisement. Scroll to continue reading.

Malicious code execution can be achieved by overwriting the application’s code. In addition, the attacker can modify the app’s behavior by, for instance, overwriting preferences and other configuration files. 

The developers of apps affected by Dirty Stream have been notified by Microsoft and they have released patches, but the company is urging all developers to analyze its research and ensure that their products are not impacted.

Google has also been notified and it has published an article on the Android Developers website to inform developers about risks associated with the content provider component.

Related: VPN Apps on Google Play Turn Android Devices Into Proxies

Related: Google Announces Enhanced Fraud Protection for Android

Related: Critical Remote Code Execution Vulnerability Patched in Android

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: Third-Party Risk in Practice
June 4, 2026

Organizations are investing heavily in third-party risk management, but breaches, delays, and blind spots continue to persist. Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice.

Register

Virtual Roundtable: CISO Forum 2026 Mid-Year Review
June 10, 2026

Explore how attackers are using AI to scale threats and how security teams can respond with AI-driven defenses. Protecting against unmonitored use of generative AI (Shadow AI) in business units and building and enforcing AI governance frameworks.

Register

People on the Move

Opal Security has appointed CPO, CTO, VP of Field Engineering, VP of Marketing, and Head of Product and Solutions Marketing.

The Department of the Air Force has appointed Ashley Devoto as Chief Information Officer.

Bartley Richardson has been named Chief AI and Autonomous Systems Officer at CrowdStrike.

More People On The Move

Expert Insights

Popular Topics

Security Community

Stay Intouch

About SecurityWeek

News Tips

Got a confidential news tip? We want to hear from you.

Submit Tip

Advertising

Reach a large audience of enterprise cybersecurity professionals

Contact Us

Daily Briefing Newsletter

Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.