OneDrive File Picker flaw grants full drive access when users share a single file

WTF?! OneDrive is one of the most popular cloud storage services in the market, largely because Microsoft aggressively promotes it to Windows users. However, security researchers warn that OneDrive's File Picker feature may expose users and organizations to serious data risks by granting full read access to unauthorized parties. Microsoft is being extremely careless with security boundaries in OneDrive. A recent Oasis Security analysis revealed that OneDrive's File Picker tool can grant websites, apps, and outside users full read-only access to all content stored on the service. This glaring flaw puts both individual users and corporations at risk, prompting Oasis to recommend a thorough audit of all previously granted permissions. File Picker provides companies and users with quick and easy file uploads from their OneDrive accounts. Many online services, including OpenAI's ChatGPT, leverage this feature. However, rather than restricting access to a specific file, the tool grants ext ... Read full article.