CVE-2014-5658
The MercadoLibre Android app (pre-3.10.6) was found to not validate SSL certificates, due to a faulty X509TrustManager in the LoopJ Async HTTP client. This allowed MITM attackers to spoof servers and potentially capture credentials and payment data. The issue was fixed in version 3.10.6 by updati...