Windows 10 UWP bug gave apps full system access

Posted on Monday, Nov 05 2018 @ 11:14 CET by Thomas De Maesschalck
MSFT logo
A bug in Windows 10 builds prior to the October 2018 Update enabled UWP apps to gain access to the system's entire file system without permission from the user. BleepingComputer notes this can allow a malicious app to gain access to any data on your PC. Upgrading to Windows 10 October 2018 Update is the fix, but that update is still pulled due to a file deletion bug that was discovered shortly after the rollout of this update. At the moment, it's unknown when Microsoft will resume the rollout of Windows 10 October 2018 Update.
By default, UWP apps can only access files and folders located in the app's installation directory and its data storage locations in AppDataLocal, AppDataRoaming, and the Temp folder. If an app needs to access files outsides of these locations, they can display a file/folder picker that can be used to select a file or the developer can declare extra permission for the App.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments