CVE-2014-6869
The affected software is the Android barcode scanner app (tw.com.books.android.plus) version 2.3.0. The root cause is that it does not verify X.509 certificates from SSL servers, allowing man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. This...