CVE-2014-6885
The CVE-2014-6885 vulnerability affects the Academy Sports + Outdoors Visa Android app (package com.usbank.icsmobile.academysports) version 1.18, where SSL servers’ X.509 certificates are not verified. This underpins a man-in-the-middle risk, allowing an attacker to spoof servers and access sensi...