2 matches found
CVE-2021-33057
The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements e.g., android.permission.ACCESSFINELOCATION for determining the device's physical location. An attacker can use qq.createMapContext to create a MapContext object, use MapContext.moveToLocation to move the...
CVE-2021-33057
The CVE-2021-33057 entry concerns Tencent QQ version 8.7.1 on Android and iOS. The issue is that QQ does not enforce location permission requirements (e.g., android.permission.ACCESS_FINE_LOCATION) when determining the device’s physical location. An attacker can use qq.createMapContext to instant...