CVE-2014-5858
The CVE-2014-5858 entry concerns the Candy Blast (com.appgame7.candyblast) Android app version 1.1.001, which fails to verify X.509 certificates from SSL servers. This weakens TLS and can permit a man-in-the-middle to spoof servers and obtain sensitive information via a crafted certificate. The p...