CVE-2020-25900

HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client of other users. The client side was changed in 2019 to encrypt that database...

CVE-2025-31959 HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images.

HCL BigFix Service Management SM application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared...

PT-2026-37631

HCL BigFix Service Management SM application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared...

Next-Generation MIMO Transceivers for Integrated Sensing and Communications: Unique Security Vulnerabilities and Solutions

Integrated sensing and communications ISAC, which is recognized as a key enabler for sixth generation 6G, has brought new opportunities for intelligent, sustainable, and connected wireless networks. Multiple-input multiple-output MIMO transceiver technology lies at the core of this paradigm,...

Cryptanalysis of a Privacy-Preserving Ride-Hailing Service from NSS 2022

Ride-Hailing Services RHS match a ride request initiated by a rider with a suitable driver responding to the ride request. A Privacy-Preserving RHS PP-RHS aims to facilitate ride matching while ensuring the privacy of riders' and drivers' location data w.r.t. the Service Provider SP. At NSS 2022,...

Tile trackers plagued by weak security, researchers warn

Researchers at the Georgia Institute of Technology scrutinized the security of the popular Tile tracker and came out disappointed. Bluetooth trackers are a steadily growing market, and Life360 is one of the major players. In 2021, Amazon expanded its Sidewalk network to include Tile. That means...

Versatile and Fast Location-Based Private Information Retrieval with Fully Homomorphic Encryption over the Torus

Location-based services often require users to share sensitive locational data, raising privacy concerns due to potential misuse or exploitation by untrusted servers. In response, we present VeLoPIR, a versatile location-based private information retrieval PIR system designed to preserve user...

CVE-2023-23537

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, watchOS 9.4, macOS Big Sur 11.7.5. An app may be able to read sensitive location information...

CVE-2021-31815

GAEN aka Google/Apple Exposure Notifications through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and sometimes COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to t...

CVE-2024-54491

The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. A malicious application may be able to determine a user's current location...

CVE-2023-42943

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14. An app may be able to read sensitive location information...

CVE-2024-27839

A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 17.5 and iPadOS 17.5. A malicious application may be able to determine a user's current location...

CVE-2023-40437

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information...

CVE-2022-42839

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to read sensitive location information...

Google Agrees to $93 Million Settlement in California's Location-Privacy Lawsuit

Google has agreed to pay $93 million to settle a lawsuit filed by the U.S. state of California over allegations that the company's location-privacy practices misled consumers and violated consumer protection laws. "Our investigation revealed that Google was telling its users one thing – that it...

CVE-2023-38605

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location...

CVE-2023-38605

CVE-2023-38605 affects macOS Ventura 13.5 and relates to an information-disclosure issue where an app may be able to determine a user’s current location. The underlying issue is described as an improvement in redaction of sensitive information, and Apple notes the fix is included in macOS Ventura...

CVE-2023-36862

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location...

CVE-2023-32415

CVE-2023-32415 relates to an issue in Apple's platform disclosures where an app could read sensitive location information. The connected sources confirm this affects iOS 16.5 and iPadOS 16.5, tvOS 16.5, and macOS Ventura 13.4, with the root cause described as insufficient redaction of location da...

How to Make Sure You’re Not Accidentally Sharing Your Location

Keep your movements private...