PianoPlay: 5SOS - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application PianoPlay: 5SOS published at the 'play' market has multiple vulnerabilities...

Information disclosure

The 5SOS Family Planet aka uk.co.pixelkicks.fivesos application 2.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-6694

The 5SOS Family Planet aka uk.co.pixelkicks.fivesos application 2.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-6694

The CVE-2014-6694 issue affects the Android app “5SOS Family Planet” (package uk.co.pixelkicks.fivesos) version 2.3.4, where the app does not verify X.509 certificates from SSL servers. This pluggable weakness enables man-in-the-middle attackers to spoof servers and obtain sensitive information v...