In a nutshell: Debug flags that Microsoft failed to reset in Android apps allowed attackers to take over user accounts.
Microsoft had failed to deactivate a debugging flag in several of its Android applications, which gave attackers access to user accounts. The vulnerability affected a large number of users.
Microsoft left a debugging flag enabled in several of its Android applications. With debug mode enabled, attackers can access system functions that are normally protected, allowing them to bypass security mechanisms.
Through this vulnerability, attackers were able to gain access to user accounts. Because Microsoft’s Android apps have a broad user base, the potential reach of the security vulnerability was significant.
The vulnerability existed because Microsoft had failed to reset the debug flag to the production state (release mode) after development. Resetting it is an elementary security standard in software development, and omitting that step violates fundamental best practices for secure software deployment.
Source: www.golem.de · Published 4 June 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrasing and classification through Lumi News Pipeline v1.2.9.