funflirt.de - Die Flirt-App - Customized SSL, WebView SSL handling enabled, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application funflirt.de - Die Flirt-App published at the 'play' market has multiple vulnerabilities...

CVE-2014-5648

CVE-2014-5648 affects the Android app “Chat, Flirt & Dating Heart JAUMO” (com.jaumo) at version 2.7.5. The vulnerability is that the app does not verify X.509 certificates when connecting to SSL servers, which enables a man-in-the-middle attacker to spoof servers and exfiltrate sensitive data via...