Microsoft Authenticator Flaw on Android, iOS Could Leak Login Codes for Millions

"A vulnerability tracked as CVE-2026-26123 affects the Microsoft Authenticator app on both Android and iOS devices. According to security reports, the flaw could allow a malicious application installed on the same phone to intercept authentication information such as one-time login codes or special sign-in links."
"Experts say the flaw cannot be exploited remotely. Instead, a victim would first need to install a malicious application on their device and then accidentally select that app to handle an authentication deep link. If that occurs, the malicious software could receive the login code or sign-in data intended for Microsoft Authenticator."
"If exploited successfully, attackers could: complete login processes that rely on Microsoft Authenticator codes; access data tied to the compromised account, such as emails, files, or cloud services; potentially move on to other accounts protected by the same device's authentication codes."
CVE-2026-26123 affects Microsoft Authenticator on Android and iOS devices, potentially allowing malicious applications to intercept one-time login codes and authentication links through deep link exploitation. The vulnerability cannot be exploited remotely; a victim must first install a malicious app and accidentally select it to handle an authentication deep link. If successful, attackers could complete login processes, access account data including emails and cloud services, and potentially compromise other accounts. Microsoft Authenticator serves over 75 million users worldwide for multi-factor authentication. Security researchers confirm the flaw has been fixed in recent versions, and users are urged to update immediately.
Read at TechRepublic