The 'Dirty Stream' attack, identified by Microsoft, poses a threat to widely used Android apps, potentially allowing malicious entities to take control, steal sensitive data, and gain access to user accounts. This attack pattern, related to path traversal, affects various popular Android apps, including Xiaomi's File Manager and WPS Office, noting over four billion installations. Microsoft has notified developers and fixes have been deployed in affected apps
The vulnerability lies in Android's 'FileProvider' class, utilized for file sharing among apps, with incorrect handling leading to arbitrary code execution and token theft, prompting users to update devices and apps for protection. ```https://securityaffairs.com/162699/hacking/dirty-stream-android-installs-risk.html