471 matches found
CVE-2025-31267
An authentication issue was addressed with improved state management. This issue is fixed in App Store Connect 3.0. An attacker with physical access to an unlocked device may be able to view sensitive user information...
CVE-2025-31267
An authentication issue was addressed with improved state management. This issue is fixed in App Store Connect 3.0. An attacker with physical access to an unlocked device may be able to view sensitive user information...
CVE-2025-31267
CVE-2025-31267 : Apple App Store Connect had an authentication issue caused by problematic state management. It could allow an attacker with physical access to an unlocked device to view sensitive user information. The issue is fixed in App Store Connect 3.0. Affected version: App Store Connect p...
PT-2025-29173 · Apple · App Store Connect
Name of the Vulnerable Software and Affected Versions: App Store Connect versions prior to 3.0 Description: An authentication issue existed due to improved state management. An attacker with physical access to an unlocked device may be able to view sensitive user information. Recommendations:...
Apple App Store Connect 安全漏洞
Apple App Store Connect is an Apple platform for developers to manage and distribute applications. A security vulnerability exists in Apple App Store Connect version 3.0, which stems from an authentication issue that could lead to the disclosure of sensitive user information...
SparkKitty Spyware on App Store and Play Store, Steals Photos for Crypto Data
Kaspersky uncovers SparkKitty, new spyware in Apple App Store & Google Play. Steals photos, targets crypto info, active since early 2024 via malicious apps...
About the security content of App Store Connect 3.0
About the security content of App Store Connect 3.0 This document describes the security content of App Store Connect 3.0. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats
Apple on Tuesday revealed that it prevented over $9 billion in fraudulent transactions in the last five years, including more than $2 billion in 2024 alone. The company said the App Store is confronted by a wide range of threats that seek to defraud users in various ways, ranging from "deceptive...
CVE-2023-6450
An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service...
CVE-2023-40435
This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 15. An app may be able to access App Store credentials...
CVE-2020-14121
A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to perform a local silent installation...
CVE-2020-14118
An intent redirection vulnerability in the Mi App Store product. This vulnerability is caused by the Mi App Store does not verify the validity of the incoming data, can cause the app store to automatically download and install apps...
CVE-2013-5193
The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a 1 App purchase or 2 In-App purchase by leveraging previous entry of Apple ID credentials...
MAL-2025-2772 Malicious code in macappstore (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0467c582858f86d97b65e2ac8bcbe719cd97323136272b766d45045822a7baab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-25300 smartbanner.js rel noopener XSS vulnerability
smartbanner.js is a customizable smart app banner for iOS and Android. Prior to version 1.14.1, clicking on smartbanner View link and navigating to 3rd party page leaves window.opener exposed. It may allow hostile third parties to abuse window.opener, e.g. by redirection or injection on the...
SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images
A new malware campaign dubbed SparkCat has leveraged a suit of bogus apps on both Apple's and Google's respective app stores to steal victims' mnemonic phrases associated with cryptocurrency wallets. The attacks leverage an optical character recognition OCR model to exfiltrate select images...
CVE-2022-3611
An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications...
Take my money: OCR crypto stealers in Google Play and App Store
Update 07.02.2025: Google removed malicious apps from Google Play. Update 06.02.2025: Apple removed malicious apps from the App Store. In March 2023, researchers at ESET discovered malware implants embedded into various messaging app mods. Some of these scanned users' image galleries in search of...
Exploit for Improper Input Validation in Apple Itunes_U
CVE-2021-30862 In 2021, CodeColorist released his writeups on...
CVE-2024-4130
A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges...