Lucene search
K

471 matches found

Vulnrichment
Vulnrichment
added 2025/07/10 10:23 p.m.5 views

CVE-2025-31267

An authentication issue was addressed with improved state management. This issue is fixed in App Store Connect 3.0. An attacker with physical access to an unlocked device may be able to view sensitive user information...

5.8AI score0.00186EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/10 10:23 p.m.10 views

CVE-2025-31267

An authentication issue was addressed with improved state management. This issue is fixed in App Store Connect 3.0. An attacker with physical access to an unlocked device may be able to view sensitive user information...

0.00186EPSS
Exploits0References1
CVE
CVE
added 2025/07/10 10:23 p.m.34 views

CVE-2025-31267

CVE-2025-31267 : Apple App Store Connect had an authentication issue caused by problematic state management. It could allow an attacker with physical access to an unlocked device to view sensitive user information. The issue is fixed in App Store Connect 3.0. Affected version: App Store Connect p...

4.6CVSS5.8AI score0.00186EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/07/10 12:0 a.m.4 views

PT-2025-29173 · Apple · App Store Connect

Name of the Vulnerable Software and Affected Versions: App Store Connect versions prior to 3.0 Description: An authentication issue existed due to improved state management. An attacker with physical access to an unlocked device may be able to view sensitive user information. Recommendations:...

4.6CVSS6AI score0.00186EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/07/10 12:0 a.m.6 views

Apple App Store Connect 安全漏洞

Apple App Store Connect is an Apple platform for developers to manage and distribute applications. A security vulnerability exists in Apple App Store Connect version 3.0, which stems from an authentication issue that could lead to the disclosure of sensitive user information...

4.6CVSS6.3AI score0.00186EPSS
Exploits0References3
HackRead
HackRead
added 2025/06/24 7:57 p.m.7 views

SparkKitty Spyware on App Store and Play Store, Steals Photos for Crypto Data

Kaspersky uncovers SparkKitty, new spyware in Apple App Store & Google Play. Steals photos, targets crypto info, active since early 2024 via malicious apps...

6.8AI score
Exploits0
Apple
Apple
added 2025/06/09 12:0 a.m.107 views

About the security content of App Store Connect 3.0

About the security content of App Store Connect 3.0 This document describes the security content of App Store Connect 3.0. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

4.6CVSS5.6AI score0.00186EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2025/05/28 6:11 a.m.7 views

Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats

Apple on Tuesday revealed that it prevented over $9 billion in fraudulent transactions in the last five years, including more than $2 billion in 2024 alone. The company said the App Store is confronted by a wide range of threats that seek to defraud users in various ways, ranging from "deceptive...

6.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:57 a.m.7 views

CVE-2023-6450

An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service...

5.5CVSS6.8AI score0.00161EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:14 a.m.9 views

CVE-2023-40435

This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 15. An app may be able to access App Store credentials...

5.5CVSS6.4AI score0.00236EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:19 p.m.30 views

CVE-2020-14121

A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to perform a local silent installation...

5.5CVSS6.7AI score0.00188EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:19 p.m.10 views

CVE-2020-14118

An intent redirection vulnerability in the Mi App Store product. This vulnerability is caused by the Mi App Store does not verify the validity of the incoming data, can cause the app store to automatically download and install apps...

6.1CVSS6.8AI score0.00541EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 6:1 a.m.7 views

CVE-2013-5193

The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a 1 App purchase or 2 In-App purchase by leveraging previous entry of Apple ID credentials...

4.7CVSS6.3AI score0.00258EPSS
Exploits1References1
OSV
OSV
added 2025/03/28 3:21 a.m.3 views

MAL-2025-2772 Malicious code in macappstore (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0467c582858f86d97b65e2ac8bcbe719cd97323136272b766d45045822a7baab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
OSV
OSV
added 2025/02/18 5:38 p.m.6 views

CVE-2025-25300 smartbanner.js rel noopener XSS vulnerability

smartbanner.js is a customizable smart app banner for iOS and Android. Prior to version 1.14.1, clicking on smartbanner View link and navigating to 3rd party page leaves window.opener exposed. It may allow hostile third parties to abuse window.opener, e.g. by redirection or injection on the...

5.3CVSS6.7AI score0.00387EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2025/02/06 11:32 a.m.28 views

SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images

A new malware campaign dubbed SparkCat has leveraged a suit of bogus apps on both Apple's and Google's respective app stores to steal victims' mnemonic phrases associated with cryptocurrency wallets. The attacks leverage an optical character recognition OCR model to exfiltrate select images...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/06 12:48 a.m.6 views

CVE-2022-3611

An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications...

7.6CVSS6.5AI score0.00406EPSS
Exploits0References3
Securelist
Securelist
added 2025/02/05 8:0 a.m.14 views

Take my money: OCR crypto stealers in Google Play and App Store

Update 07.02.2025: Google removed malicious apps from Google Play. Update 06.02.2025: Apple removed malicious apps from the App Store. In March 2023, researchers at ESET discovered malware implants embedded into various messaging app mods. Some of these scanned users' image galleries in search of...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2025/02/05 1:34 a.m.575 views

Exploit for Improper Input Validation in Apple Itunes_U

CVE-2021-30862 In 2021, CodeColorist released his writeups on...

6.8CVSS7AI score0.0224EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/04 11:57 p.m.12 views

CVE-2024-4130

A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges...

7.8CVSS7.1AI score0.00174EPSS
Exploits0
Rows per page
Query Builder