Today, IBM has reported the discovery of a Dropbox vulnerability. This vulnerability was found by IBM’s X-Force Application Security Team in the software development kit (SDK) for Android, and if exploited could have potentially allowed an attacker to connect to a harmful application on a victim’s mobile device, and would have let them gain access to personal information within private cloud drive.
This vulnerability has since been patched, and Dropbox noted that no files were compromised prior to the release of the update. IBM and Dropbox together are both strongly advising developers to update their SDKs to the latest released version, v1.6.3, or Sync/Datastore Android SDK v3.1.2, to implement the corrective action. An even simpler fix for end users of Dropbox is to delete and reinstall the Dropbox app, which will download the latest version on their mobile device. This will, in turn, make exploitation of the vulnerability impossible.
IBM has since released a White Paper that explains the vulnerability in more detail:
Read More
If you have any further questions regarding this vulnerability, email
Nate Gravel – Director of the Information Security Practice at ngravel@gravoc.com
Related articles
Tackle the Cybersecurity Talent Shortage by Hiring a vCISO
In this blog post, we discuss how outsourcing cybersecurity operations to a vCISO can help businesses, including SMBs, tackle the cybersecurity talent shortage.
Need-to-Know Privilege Explained
In this blog post and video, we explore need-to-know privilege in cybersecurity and why it’s important for organizations to assign user permissions on a need-to-know basis.
Email Security: Solutions to Protect Your Inbox from Cybersecurity Threats
In this blog post, we discuss the importance of email security for businesses and explore the VIPRE and Sendmarc email protection technology solutions.
