The Canadian Internet Registration Authority (CIRA) Canadian Shield iOS application versions 4.0.12 and below do not validate the SSL certificate they receive when connecting to the application server.
bf1cf19e84f8affc4de78a67a8f1e677
A brief write-up discussing disclosure of internal IPs and hostnames from Apple bots leveraging Via and X-Forwarded-For headers.
55aef9cbf06435171aad139605e96ea9
Applebot/0.1 does not fully obey robots.txt as it interprets allow entries for Googlebot as implied permission for Applebot.
8dc6a1d084972fcf46b8cdbdb06e25e0
VIPRE Password Vault iOS application versions 1.100.1090 and below suffer from a man-in-the-middle vulnerability due to a lack of validation of SSL certificates.
82d37852c91e2ee7b39bd7164fcdcea8
Sophos Secure Email Android Application versions 3.9.4 and below suffer from a man-in-the-middle vulnerability due to a lack of validation of SSL certificates.
0af4af6cc034077229b0fc5e55b878d0
The Citytv Video Android and iOS applications send potentially sensitive information such as device model and resolution, mobile carrier, days since first use, days since last use, total number of app launches, number of app launches since upgrade, and previous app session length, unencrypted to third party sites (Adobe Experience Cloud, ScorecardResearch). Citytv Video Android versions 4.08.0 and below and iOS versions 3.36 and below are affected.
a4c54d68932b6a368bcb9f373ccb7b24
The Global TV Android and iOS applications send potentially sensitive information such as device model and resolution, mobile carrier, days since first use, days since last use, total number of app launches, number of app launches since upgrade, and previous app session length, unencrypted to both first (CNAME to third) and third party sites (Adobe Experience Cloud, ScorecardResearch). Global TV Android versions 2.3.2 and below and iOS versions 4.7.5 and below are affected.
53b85b11c7e2c82b9010d72677aa5e0d
The CBC Gem Android and iOS applications (Android version 9.24.0 and below, iOS version 9.24.0 and below) send potentially sensitive information such as device model and resolution, mobile carrier, days since first use, days since last use, total number of app launches, number of app launches since upgrade, and previous app session length, unencrypted to both first and third party sites (Adobe Marketing Cloud, ScorecardResearch).
ddf0c0125210e18aad3d55c6060e572e
Anhui Huami Mi Fit Android application versions 4.0.10 and below do not encrypt the connection when checking for an update.
a42279218aa424b93572cdeb05f5c02d
The Texture Canada Android and iOS applications (Android version 4.21.0.1, iOS version 5.11.6 and below) send potentially sensitive information such as number of app launches, device model, Android or iOS version and screen resolution, unencrypted to a third party site (ScorecardResearch).
4c145fd68917e2b2d7ff8fc34cecd4f3
The Cisco Common Service Platform Collector versions 2.7.2 through 2.7.4.5 and all releases of 2.8.x prior to 2.8.1.2 contain hardcoded credentials.
b839ff1288a335fb85a4e9618cd7250d
Qkr! with MasterPass suffers from an SSL man-in-the-middle vulnerability. Version 5.0.8 addresses this issue.
84888b6ce78bde23ac55322ff81ac951
The Google Cardboard Android and iOS applications (Android version 1.8, iOS version 1.2 and below) send potentially sensitive information such as OS, CPU architecture, graphics chip vendor and version, CPU count, RAM, VRAM, screen size, device make and model, unencrypted to a third party site (Unity 3D Stats).
90bd446dbfb72bbe575551b017929885
Norton Security for Mac versions prior to 7.6 do not validate the SSL certificate they receive when connecting to the server used to download the main installer.
726d633d852943cc853a2a28381f7eec
Shazam on Android versions 8.3.1-180206 and below disclose potentially sensitive information to third party analytics.
e48086085f3d65188de31f424f0becbc
Cisco Umbrella virtual appliance versions 2.1.0 and below contain undocumented hardcoded credentials which could allow an attacker to access the hypervisor console and provide persistent and unrestricted access to the virtual appliance.
993e3f76b4724491d5f16794bc2fb968
Cisco Umbrella Virtual Appliance versions 2.0.3 and below contain an undocumented, auto-initiated reverse SSH tunnel which allows the Cisco Umbrella support team to have persistent and unrestricted access to the virtual appliance.
b176f5aecc3e42a73c69376a8d0395b6
Apple Support iOS application versions 1.1.1 and below send potentially sensitive information such as mobile carrier, install date and time, number of app launches, device model, iOS version and screen resolution, unencrypted to a third party site (Adobe Marketing Cloud).
228b93dcbffcf65f58e7495bb25a4bb0
The Apple Music Android application (version 1.2.1 and below) does not validate the SSL certificate received when connecting to the mobile application login and payment servers.
77f6d3bf2a4d79ba1870023309aa385e
The Trend Micro Enterprise Mobile Security Android application suffers from a man-in-the-middle SSL certificate vulnerability.
f80c525a43a419b297b0ae9bdde3471e
ShoreTel Mobility Client iOS application versions 9.1.2.101 and below do not validate the SSL certificate they receive when connecting to the mobile application login server.
504528fda2cb031d91ae4db08bcb18ed
Kaspersky Safe Browser suffers from a man-in-the-middle vulnerability.
c560a316f015bf550738b9123c203979
The Acer Portal Android application, version 3.9.3.2006 and below, installed by the manufacturer on all Acer branded Android devices, does not validate the SSL certificate it receives when connecting to the mobile application login server.
18577e2af30c987e1bffc397498a8603
Trend Micro Mobile Security iOS application versions 3.1.1034 and below fail to validate the SSL certificate they receive when connecting to the mobile application login server.
85cb234c73866b26c22a4774c83e692f
Panda SM Manager versions 2.0.10 and below fail to verify the SSL certificate they receive when connecting to a secure site.
99ed3f6629989317abc7b5beee211062