Improper verification of applicationsโ cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on userโs systems by altering the serverโs API response.