Flaw In Dropbox SDK For Android Lets Attackers Steal Data Sent To Users' Account 23
An anonymous reader writes: Researchers from IBM's security team have discovered an authentication flaw in the Dropbox Software Development Kit (SDK) for Android that can be exploited to capture new data a user saves to its Dropbox account. The flaw has been extensively documented by the researchers in a blog post, but the things you initially need to know are these: the vulnerability can be exploited if you use an app that uses a Dropbox SDK Version 1.5.4 through 1.6.1 (the latest one is v1.6.3), or if you visit a specially-crafted malicious page with your Android web browser targeting that app, and that's only if you don't have the Dropbox for Android app installed. Also, an attacker can't access the data you have previously stored in your Dropbox account.