Dropbox fixes flaw with Android security
SEATTLE, March 11, 2015
Dropbox, the popular online file storing system, said on Tuesday it has fixed a security flaw that could have allowed hackers to capture data stored in its service on Android devices via compromised third-party apps.
Dropbox, which has more than 300 million users, said it fixed the vulnerability a few months ago in the software it provides to third parties making apps that work with Dropbox.
It said most Android developers had already updated to the latest version of its software after being notified by Dropbox of the problem as early as December. On Tuesday Dropbox reminded any remaining developers working with the old version to update.
According to Dropbox, the software flaw meant that under certain circumstances a hacker could use a compromised third-party app to save another user's data to the hacker's Dropbox account. Dropbox said no data already stored on its service was ever vulnerable.
"There are no reports or evidence to indicate the vulnerability was ever used to access user data," Dropbox said in a blog on its website.
Researchers at International Business Machines Corp initially discovered the flaw, and informed Dropbox, according to both companies. – Reuters