Posted by Roee Hay on Mar 11

Hi,

We have recently discovered a vulnerability in the Dropbox SDK for Android.
This vulnerability may enable theft of sensitive information from apps that
use the vulnerable Dropbox SDK both locally by malware and also remotely by
using drive-by exploitation techniques.

The vulnerability is identified as CVE-2014-8889.

We had privately reported the issue to the Dropbox team which soon provided
a fix with version 1.6.2 of the SDK.

More…