20 matches found
CVE-2019-16263
The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Although the certificate chain must contain one of a set of pinned certificates, there are certain implementation errors such as a lack of hostname verification. NOTE: this is an...
EUVD-2019-7066
Malware in sbrugna...
EUVD-2017-1254
Malware in sbrugna...
EUVD-2019-15022
Malware in sbrugna...
CVE-2019-5431
This vulnerability was caused by an incomplete fix to CVE-2017-0911. Twitter Kit for iOS versions 3.0 to 3.4.0 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login with Twitter"...
Vulnerable Twitter API Leaves Tens of Thousands of iOS Apps Open to Attacks
Researchers are warning that an old Twitter API still used by popular iOS mobile apps that could be abused as part of a man-in-the-middle attack. It could be used to hijack Twitter accounts and compromise other third-party apps that are linked to the same “login with Twitter” feature. According t...
CVE-2019-16263
The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Although the certificate chain must contain one of a set of pinned certificates, there are certain implementation errors such as a lack of hostname verification. NOTE: this is an...
CVE-2019-16263
The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Although the certificate chain must contain one of a set of pinned certificates, there are certain implementation errors such as a lack of hostname verification. NOTE: this is an...
Code injection
The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Although the certificate chain must contain one of a set of pinned certificates, there are certain implementation errors such as a lack of hostname verification. NOTE: this is an...
CVE-2019-16263
The CVE-2019-16263 issue affects the Twitter Kit framework for iOS up to version 3.4.2. The root cause is improper validation of the api.twitter.com SSL certificate, including a lack of hostname verification despite a pinned-certificate approach. This can enable man-in-the-middle attacks on apps ...
CVE-2019-16263
The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Although the certificate chain must contain one of a set of pinned certificates, there are certain implementation errors such as a lack of hostname verification. NOTE: this is an...
CVE-2019-5431
This vulnerability was caused by an incomplete fix to CVE-2017-0911. Twitter Kit for iOS versions 3.0 to 3.4.0 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login with Twitter"...
CVE-2019-5431
This vulnerability was caused by an incomplete fix to CVE-2017-0911. Twitter Kit for iOS versions 3.0 to 3.4.0 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login with Twitter"...
Authentication flaw
This vulnerability was caused by an incomplete fix to CVE-2017-0911. Twitter Kit for iOS versions 3.0 to 3.4.0 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login with Twitter"...
CVE-2019-5431
This vulnerability was caused by an incomplete fix to CVE-2017-0911. Twitter Kit for iOS versions 3.0 to 3.4.0 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login with Twitter"...
Unspecified Vulnerability in Twitter Kit for iOS Login with Twitter Component
Twitter Kit for iOS is a set of open source native development kits for seamless interaction with Twitter on the iOS platform. login with Twitter component is one of the login components. A security vulnerability exists in the Login with Twitter component in Twitter Kit for iOS versions 3.0 throu...
CVE-2017-0911
Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login with Twitter" authentication information is passed back to the application using the...
CVE-2017-0911
Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login with Twitter" authentication information is passed back to the application using the...
CVE-2017-0911
Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login with Twitter" authentication information is passed back to the application using the...
CVE-2017-0911
CVE-2017-0911 affects Twitter Kit for iOS 3.0–3.2.1. The issue is a callback verification flaw in the Login with Twitter flow: the final response is sent back via the registered custom URL scheme without authenticating the response, enabling forgery and potential association of a Twitter account ...