IBM Exposes Critical Dropbox Vulnerability

IBM today is publicly disclosing a flaw that it found and reported to Dropbox, one that impacts the security of the popular file sharing and sync service. Since Dropbox functionality is embedded in multiple applications, the risk and potential impact are larger than just the Dropbox app itself.

The flaw, now identified as CVE-2014-8889, was found inside the Dropbox SDK (software development kit) for Android and could have enabled an attacker to insert an arbitrary access token, giving the attacker access to user information.