logo

Microsoft 365 Android Apps Had a Token Flaw IT Teams Should Check Now

ID: 11feb3bf-e946-5558-be9c-544143e5f841

STIX ID: report--11feb3bf-e946-5558-be9c-544143e5f841

Feed Name: TechRepublic Security

Threat Score
65/100

Date Published: 2026-06-04

Date Updated: 2026-06-04

Author: TechRepublic Staff

...
...

Enclave disclosed that a debug flag left enabled in production within a shared Microsoft SDK allowed untrusted Android apps to request Microsoft account FOCI tokens from Word, Excel, PowerPoint, OneNote, Microsoft Loop, and M365 Copilot on Android without user interaction; Microsoft released patches and CVEs on May 12, 2026. Administrators are advised to verify patched app builds, enforce Play Store updates through MDM, review third-party app installation policies, and examine sign-in activity for devices that ran affected versions.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.