Describing the vulnerability, CVE-2019-1460, in an advisory, Microsoft stated,
A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. As a result, the attacker could then perform XSS attacks in the context of the current user.
The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user.
Microsoft disclosed this vulnerability following its scheduled monthly Patch Tuesday updates.
This XSS vulnerability first caught the attention of security researcher Rafael Pablos. Microsoft has rolled out a fix for this bug by addressing the way Microsoft Outlook parses specially crafted messages, and has also acknowledged the researcher for this flaw.
To stay protected from potential attacks, users running Microsoft Outlook on their Android devices must update the app.
Researchers from Symantec have also recommended some precautionary steps to follow. These include,