Apple Music Android Application versions 3.8.0 through 3.10.2 suffer from a man-in-the-middle vulnerability.
d1ed8f7b256d2d042c0b954254d2d4024fd2465082a377d15ad7dc5f5b790f57
The Canadian Internet Registration Authority (CIRA) Canadian Shield iOS application versions 4.0.12 and below do not validate the SSL certificate they receive when connecting to the application server.
45101c457e72359c021a13cf5308d10f34eba950e27a433202de650671c113b1
A brief write-up discussing disclosure of internal IPs and hostnames from Apple bots leveraging Via and X-Forwarded-For headers.
b673e03e8e1aa51151d99f5859b00763aeba232a9176600740c438ec5fb79def
Applebot/0.1 does not fully obey robots.txt as it interprets allow entries for Googlebot as implied permission for Applebot.
78ae053c4168117e295b49f3d21f45583932d75f34e82ed990e26f77540f353c
VIPRE Password Vault iOS application versions 1.100.1090 and below suffer from a man-in-the-middle vulnerability due to a lack of validation of SSL certificates.
ad2b385769262f6b82c11eb32205aa58cc8946448f0a2abb7f3f31a2dd608b59
Sophos Secure Email Android Application versions 3.9.4 and below suffer from a man-in-the-middle vulnerability due to a lack of validation of SSL certificates.
564bf74464507abc31328cd13ce11650838cbcc6c851afff00c70b4726aa428c
The Citytv Video Android and iOS applications send potentially sensitive information such as device model and resolution, mobile carrier, days since first use, days since last use, total number of app launches, number of app launches since upgrade, and previous app session length, unencrypted to third party sites (Adobe Experience Cloud, ScorecardResearch). Citytv Video Android versions 4.08.0 and below and iOS versions 3.36 and below are affected.
69868f6b911d6cf596e7530e83a2e402a3944a8e2a68aa35eb11626d610a6c15
The Global TV Android and iOS applications send potentially sensitive information such as device model and resolution, mobile carrier, days since first use, days since last use, total number of app launches, number of app launches since upgrade, and previous app session length, unencrypted to both first (CNAME to third) and third party sites (Adobe Experience Cloud, ScorecardResearch). Global TV Android versions 2.3.2 and below and iOS versions 4.7.5 and below are affected.
68b4bda7e6101bdf7ea612dbb5795ddf2d158d57237f9ae419274e7ecf71f7f6
The CBC Gem Android and iOS applications (Android version 9.24.0 and below, iOS version 9.24.0 and below) send potentially sensitive information such as device model and resolution, mobile carrier, days since first use, days since last use, total number of app launches, number of app launches since upgrade, and previous app session length, unencrypted to both first and third party sites (Adobe Marketing Cloud, ScorecardResearch).
0d3444a9cc732375e29149b598c57075ea9f0555e5ce5015c7e21c27660080f2
Anhui Huami Mi Fit Android application versions 4.0.10 and below do not encrypt the connection when checking for an update.
e185e7156a12339d666b12c950cb9ece3e3e38a8514d9a1395d67f5123e52007
The Texture Canada Android and iOS applications (Android version 4.21.0.1, iOS version 5.11.6 and below) send potentially sensitive information such as number of app launches, device model, Android or iOS version and screen resolution, unencrypted to a third party site (ScorecardResearch).
8efefb38edf3cb8569fef8c1e4d0115eaf21dbfcc1b58e5f8cb1a093faf95a5d
The Cisco Common Service Platform Collector versions 2.7.2 through 2.7.4.5 and all releases of 2.8.x prior to 2.8.1.2 contain hardcoded credentials.
9de3cc083ddf7db43e4d74958044bd8416ed3ad485d7ce5d8ebc5ba34711b3c6
Qkr! with MasterPass suffers from an SSL man-in-the-middle vulnerability. Version 5.0.8 addresses this issue.
05797b1faff6dafab46b3c8075ceaa2fc5193c578b6b52cde2f50b384a64f33d
The Google Cardboard Android and iOS applications (Android version 1.8, iOS version 1.2 and below) send potentially sensitive information such as OS, CPU architecture, graphics chip vendor and version, CPU count, RAM, VRAM, screen size, device make and model, unencrypted to a third party site (Unity 3D Stats).
42361a507af264ec429f830956d8abdd01925163d38d47dcc127b1fc891edff6
Norton Security for Mac versions prior to 7.6 do not validate the SSL certificate they receive when connecting to the server used to download the main installer.
3ff64c0bcea95c1c17c44f735f3bade688ca62e4289bfc78ed2b0ecb34ae3e4d
Shazam on Android versions 8.3.1-180206 and below disclose potentially sensitive information to third party analytics.
7aaf8adbd9808cffa95f5a4202d80e89e9007773eb5a1b5f9c776ba84c92fe36
Cisco Umbrella virtual appliance versions 2.1.0 and below contain undocumented hardcoded credentials which could allow an attacker to access the hypervisor console and provide persistent and unrestricted access to the virtual appliance.
b75df23092926396b8f5b75ae10c72733fe4fc796acb74fe704cb7c3477edf0e
Cisco Umbrella Virtual Appliance versions 2.0.3 and below contain an undocumented, auto-initiated reverse SSH tunnel which allows the Cisco Umbrella support team to have persistent and unrestricted access to the virtual appliance.
5e84ae818066bb4ac19ab58bf8766980a52ebe49a4dd880c31b67e49f4cb6e1b
Apple Support iOS application versions 1.1.1 and below send potentially sensitive information such as mobile carrier, install date and time, number of app launches, device model, iOS version and screen resolution, unencrypted to a third party site (Adobe Marketing Cloud).
b2897fa68d98d0bcdeca83e54c19b2cbffb7823e51716ff60960f9cc3e3d0cdb
The Apple Music Android application (version 1.2.1 and below) does not validate the SSL certificate received when connecting to the mobile application login and payment servers.
1422d48bcd8eed64fc465a014de8e359bdf5f4adb5d983d4dc5bc3f09063b2b3
The Trend Micro Enterprise Mobile Security Android application suffers from a man-in-the-middle SSL certificate vulnerability.
3be0a3916b23746808c0c776f1e66acee4ee7df205c6f4e4557903bacd4c08eb
ShoreTel Mobility Client iOS application versions 9.1.2.101 and below do not validate the SSL certificate they receive when connecting to the mobile application login server.
ab8fbad9955d47f25f7c6c769b170308f9e0a2f2b792f80b59387dd470dc7304
Kaspersky Safe Browser suffers from a man-in-the-middle vulnerability.
a69e867e6dee8c1addf7cdbb8600769155deaea15c494c95c4cc860666908b3e
The Acer Portal Android application version 3.9.3.2006 and below, installed by the manufacturer on all Acer branded Android devices, does not validate the SSL certificate it receives when connecting to the mobile application login server.
e41d65b401922a36dd4fd36af2a4b2b250969e944b8ae92cf0e117d652041d1b
Trend Micro Mobile Security iOS application versions 3.1.1034 and below fail to validate the SSL certificate they receive when connecting to the mobile application login server.
e551b1880ff922cd6c0047e14ee549c65dcc283403e2bdbf2f66d2992a0517bc