EUVD-2014-5912

Malware in sbrugna...

Flurry Analytics - Dangerous filesystem permissions, Exported components, External URLs vulnerabilities

HackApp vulnerability scanner discovered that application Flurry Analytics published at the 'play' market has multiple vulnerabilities...

Yik Yak Patches Privacy Flaw in iOS App

Yik Yak, an application that allows users to share purportedly anonymous status updates with others near them, has fixed a critical vulnerability in its iOS app that could have de-anonymized users and let attackers take total control of someone’s account. Yik Yak’s security team was apparently...

CVE-2014-6024

The Flurry library before 3.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Information disclosure

The Flurry library before 3.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-6024

The Flurry library before 3.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-6024

The vulnerability CVE-2014-6024 affects the Flurry library for Android older than 3.4.0, where X.509 certificates from SSL servers are not verified, enabling man-in-the-middle attackers to spoof servers and access sensitive information via crafted certificates. This is a component/feature flaw in...

Secret: secret app for iOS and android is sending some info over HTTP

POC for android: POST /metrics HTTP/1.1 Content-Type: application/json User-Agent: Dalvik/1.6.0 Linux; U; Android 4.2.2; googlesdk Build/JBMR1.1 Host: notify.bugsnag.com Connection: Keep-Alive Accept-Encoding: gzip Content-Length: 468...