AMC Security - Antivirus Boost - Customized SSL, Runtime privilege escalation, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application AMC Security - Antivirus Boost published at the 'play' market has multiple vulnerabilities...

CVE-2014-5646

The AMC Security- Antivirus, Clean aka com.iobit.mobilecare application 4.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Design/Logic Flaw

The AMC Security- Antivirus, Clean aka com.iobit.mobilecare application 4.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-5646

The CVE-2014-5646 entry concerns the AMC Security- Antivirus, Clean (com.iobit.mobilecare) app for Android (version 4.4.1). The vulnerability is that the application does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive...