Summary
Microsoft patched a critical vulnerability (CVE-2026-41615) in its Authenticator app that allows attackers to steal work account sign-in tokens by tricking users into approving malicious requests.
Take Action:
If you use Microsoft Authenticator on your phone, update it immediately: Android users need version 6.2605.2973 or later, and iOS users need version 6.8.47 or later. Until you update, be extra cautious about approving any authentication prompts you didn't personally trigger. In a corporate environment, ensure all employees update their Microsoft Authenticator app to the latest version, or instruct users to manually verify their app version in the 'About' section of the settings menu.
This article was originally published on BeyondMachines