Microsoft patched a doozy of a bug in Outlook for Android – you really need to install it

Microsoft has released an update for Outlook for Android to get rid of a serious security flaw.

Microsoft has swiftly rolled out a patch to fix a concerning but in Outlook for Android. The bug would allow attackers to run in-app client-side code on devices they choose to target. The US Department of Homeland Security even took steps to warn users about the issue. The app has been downloaded by over 100 million users from the Google Play Store.

Related: Best Android apps

According to Microsoft, “A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user”.

Microsoft then explains the fix: “The security update addresses the vulnerability by correcting how Outlook for Android parses specially crafted email messages”.

The issue affects any users with versions of Outlook for Android prior to 3.0.88 – if that’s you, make sure you update.

Related: Best free antivirus

You may have Android updates set to automatic but – to make sure you get it – you can check manually. Simply head to the Google Play Store app, swipe from the left to bring in a menu, select My apps & games and click Update – if the option is available.

There were no reports of the bug being exploited prior to the fix being implemented. The security flaw itself was reported independently by five security researchers.

We last reported on a Microsoft software bug back in May. Microsoft Edge users were struggling to access Google apps – including YouTube. Microsoft is currently working on a new version of Edge using Google’s Chromium open source web browser project as the basis for it.