ID HACKAPP:COM.JUNGLE.MONKEY.FREE.APK
Type hackapp
Reporter Hackapp.org
Modified 2016-04-01T09:43:43
Description
HackApp vulnerability scanner discovered that application Jungle Monkey Run published at the 'play' market has multiple vulnerabilities.
{"published": "2016-04-01T09:43:43", "id": "HACKAPP:COM.JUNGLE.MONKEY.FREE.APK", "cvss": {"score": 0.0, "vector": "NONE"}, "history": [], "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "hash": "62ca7f2db298500485208bef40e8f29f7404ce16f5c6f70297dd798707526382", "description": "HackApp vulnerability scanner discovered that application Jungle Monkey Run published at the 'play' market has multiple vulnerabilities.", "type": "hackapp", "lastseen": "2016-09-26T20:43:38", "edition": 1, "hackapp": {"icon": "http://lh3.googleusercontent.com/mUh_LomtciSzrb2AUr7RThl80AisY1_8hy4ToACQqZFssGltKFQgFCJWgxhQIbNZk3JB=w300", "version": "1.8", "release": "2016-03-21T00:00:00", "name": "Jungle Monkey Run", "vendor": "STEM Studios", "link": "https://play.google.com/store/apps/details?id=com.jungle.monkey.free&hl=en", "store": "play", "apk": "COM.JUNGLE.MONKEY.FREE.APK", "bugs": [{"name": "WebView JavaScript enabled", "id": "b7440495da777efe13870ee94337c784", "severity": "medium", "description": "WebView 'setJavaScriptEnabled(true)' could be exploited during cross-site scripting attacks."}, {"name": "Native code usage", "id": "7de214f21ba3bf4b0f82d25c022d67f4", "severity": "notice", "description": "Native code (.so) usage 'System.loadLibrary();' is found."}, {"name": "External URLs", "id": "e31e44076e15ec33ddb1163d8f06661e", "severity": "notice", "description": "Were do they point?"}, {"name": "SD-card access", "id": "ceaa48ee570a25c721b6541c4498f6de", "severity": "medium", "description": "SD-cards and other external storages have 'worldwide read' policy."}, {"name": "Dynamic Code Loading", "id": "a1169d4bd8cfc872f58f4c75e6cf101f", "severity": "medium", "description": "Code for 'DexClassLoader' could be tampered."}, {"name": "WebView files access", "id": "b033cedc1253248816f0e2676cc50d1c", "severity": "medium", "description": "Control of WebView context allows to access local files.\n\t\t\t"}, {"name": "Unsafe deleting", "id": "18174a0e956cf0575e76c63634ffa04d", "severity": "notice", "description": "All items deleted with 'file.delete()' could be recovered."}, {"name": "Suspicious files", "id": "00ba1ac994b016eeb0dd380fe0a399f9", "severity": "notice", "description": "Are you sure these files should be here?"}]}, "title": "Jungle Monkey Run - Dynamic Code Loading, External URLs, Native code usage vulnerabilities", "href": "https://hackapp.com/report/6a2a7c791f407fee29885e47512e9b1f", "modified": "2016-04-01T09:43:43", "bulletinFamily": "software", "viewCount": 1, "cvelist": [], "affectedSoftware": [{"version": "1.8", "name": "Jungle Monkey Run", "operator": "le"}], "references": ["https://play.google.com/store/apps/details?id=com.jungle.monkey.free&hl=en"], "reporter": "Hackapp.org", "hashmap": [{"hash": "97d7298e7b0af65a255fa81ab10dd707", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "8bac84da2352a9a982f19cb68494573e", "key": "description"}, {"hash": "88ed401f39e3df661140f5cb2148caf2", "key": "hackapp"}, {"hash": "e3ff13133523bfea6f79a299b0ca3870", "key": "href"}, {"hash": "da4ad94243a993f907b83d372e85a16a", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "da4ad94243a993f907b83d372e85a16a", "key": "published"}, {"hash": "9051f8778414c71c3423616738465377", "key": "references"}, {"hash": "3b012aae1848bb95fe11f3cebae83cb0", "key": "reporter"}, {"hash": "dde9d7d40e05dda605d771c1714a7a52", "key": "title"}, {"hash": "96e87ef1fcc8d9d3cdd337488987c423", "key": "type"}, {"hash": "cfcd208495d565ef66e7dff9f98764da", "key": "viewCount"}], "objectVersion": "1.2"}
{}
