45 matches found
CVE-2017-12697
A Man-in-the-Middle issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to intercept sensitive information when the client connects to the server...
CVE-2017-12695
CVE-2017-12695 affects the Shanghai OnStar iOS Client (GM SOS) version 7.1. The vulnerability is described as an Improper Authentication flaw that could allow an attacker to subvert security mechanisms and reset a user account password. Connected sources also reference related issues in the same ...
CVE-2017-9663
CVE-2017-9663 concerns a vulnerability in the General Motors (GM) and Shanghai OnStar SOS iOS Client (version 7.1) where a sensitive encryption key is stored in cleartext in memory. This cleartext storage of sensitive information could allow a remote attacker to access the key, with a CVSSv3 base...
CVE-2016-10511
The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, allowing man-in-the-middle attackers to view an application-only OAuth client token and potentially enable unreleased Twitter iOS ap...
General Motors and Shanghai OnStar (SOS) iOS Client
CVSS v3 9.8. ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: General Motors (GM), Shanghai OnStar (SOS). Equipment: SOS iOS Client. Vulnerabilities: Cleartext Storage of Sensitive Information, Man-in-the-Middle, Improper Authentication. REPOSTED INFORMATION: This advisory was originall...