G+_Edward Barela Posted March 12, 2015 Share Posted March 12, 2015 Good example of shared security responsibility. Originally shared by IBM IBM Security researchers discovered a vulnerability in the Dropbox SDK for Android The vulnerability allows attackers to connect applications on mobile devices to a Dropbox account controlled by the attacker without the victim’s knowledge or authorization. Read more here: http://ibm.co/1MuLZQb This security flaw is in the authentication mechanism within any Android app using a Dropbox SDK Version 1.5.4 through 1.6.1. Note, the vulnerability was resolved in Dropbox SDK for Android v1.6.2) Link to comment Share on other sites More sharing options...
G+_Colin Jones (Ponder - F Posted March 12, 2015 Share Posted March 12, 2015 I wonder if the vulnerability was a Rice Instruction... ...call me paranoid, but Dropbox had to act once a third party had found it. Was it a flaw or was it deliberate? Link to comment Share on other sites More sharing options...
G+_Josh Frye Posted March 12, 2015 Share Posted March 12, 2015 Of course they had to act.. if a company doesn't act then that would be legally irresponsible. Link to comment Share on other sites More sharing options...
G+_Josh Frye Posted March 12, 2015 Share Posted March 12, 2015 Also if you you have the dropbox app on your phone, you are not hit by this bug. It is only in apps that use the api and you don't have the dropbox app on your phone. Link to comment Share on other sites More sharing options...
Recommended Posts