Posted on Monday, November 05 2018 @ 11:14 CET by Thomas De Maesschalck
A bug in Windows 10 builds prior to the October 2018 Update enabled UWP apps to gain access to the system's entire file system without permission from the user. BleepingComputer
notes this can allow a malicious app to gain access to any data on your PC. Upgrading to Windows 10 October 2018 Update is the fix, but that update is still pulled due to a file deletion bug that was discovered shortly after the rollout of this update. At the moment, it's unknown when Microsoft will resume the rollout of Windows 10 October 2018 Update.
By default, UWP apps can only access files and folders located in the app's installation directory and its data storage locations in AppDataLocal, AppDataRoaming, and the Temp folder. If an app needs to access files outsides of these locations, they can display a file/folder picker that can be used to select a file or the developer can declare extra permission for the App.
