EUVD-2021-19772

Malware in sbrugna...

CVE-2021-33057

The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements e.g., android.permission.ACCESSFINELOCATION for determining the device's physical location. An attacker can use qq.createMapContext to create a MapContext object, use MapContext.moveToLocation to move the...

CVE-2021-33057

The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements e.g., android.permission.ACCESSFINELOCATION for determining the device's physical location. An attacker can use qq.createMapContext to create a MapContext object, use MapContext.moveToLocation to move the...

Design/Logic Flaw

The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements e.g., android.permission.ACCESSFINELOCATION for determining the device's physical location. An attacker can use qq.createMapContext to create a MapContext object, use MapContext.moveToLocation to move the...

CVE-2021-33057

The CVE-2021-33057 entry concerns Tencent QQ version 8.7.1 on Android and iOS. The issue is that QQ does not enforce location permission requirements (e.g., android.permission.ACCESS_FINE_LOCATION) when determining the device’s physical location. An attacker can use qq.createMapContext to instant...

CVE-2021-33057

The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements e.g., android.permission.ACCESSFINELOCATION for determining the device's physical location. An attacker can use qq.createMapContext to create a MapContext object, use MapContext.moveToLocation to move the...

PT-2022-10197 · Tencent · Qq

Name of the Vulnerable Software and Affected Versions: QQ application version 8.7.1 Description: The issue concerns the QQ application's failure to enforce permission requirements for determining a device's physical location, such as android.permission.ACCESS FINE LOCATION. An attacker can exploi...