large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Microsoft patched a doozy of a bug in Outlook for Android – you really need to install it

Microsoft has released an update for Outlook for Android to get rid of a serious security flaw.

Microsoft has swiftly rolled out a patch to fix a concerning but in Outlook for Android. The bug would allow attackers to run in-app client-side code on devices they choose to target. The US Department of Homeland Security even took steps to warn users about the issue. The app has been downloaded by over 100 million users from the Google Play Store.

Related: Best Android apps

According to Microsoft, “A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user”.

Microsoft then explains the fix: “The security update addresses the vulnerability by correcting how Outlook for Android parses specially crafted email messages”.

The issue affects any users with versions of Outlook for Android prior to 3.0.88 – if that’s you, make sure you update.

Related: Best free antivirus

You may have Android updates set to automatic but – to make sure you get it – you can check manually. Simply head to the Google Play Store app, swipe from the left to bring in a menu, select My apps & games and click Update – if the option is available.

There were no reports of the bug being exploited prior to the fix being implemented. The security flaw itself was reported independently by five security researchers.

We last reported on a Microsoft software bug back in May. Microsoft Edge users were struggling to access Google apps – including YouTube. Microsoft is currently working on a new version of Edge using Google’s Chromium open source web browser project as the basis for it.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have 9 million users a month around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.