Windows 10 Bug Allowed UWP Apps Full Access to File System
 

Older versions of Windows 10 contained a bug that allowed Universal Windows Platform (UWP) apps full access to any file on a user's computer. As Bleeping Computer explains, UWP apps are normally limited to the app's installation directory and a few data storage locations, but a special permission called broadFileSystemAccess can be used to access the entire filesystem. This is supposed to trigger a settings menu that queries the user for their permission, but due to a "bug," it was never enforced and would fail to display. This could have allowed a malicious app to access any data stored on the computer without the knowledge or consent of the user. Lechance discovered this bug after creating an app that utilized the broadFileSystemAccess permission in order to access data in a hard coded "C:\myAppData" location. After upgrading to the October 2018 Update, his app suddenly started crashing on startup. This is because in Build 1809 Microsoft had started to enforce the requirement that users give permission using the Settings page before the broadFileSystemAccess permission is allowed.

http://www.hardocp.com/news/2018/11/...fil e_system/