(Mobile Pwn2Own) Amazon App Store HTTPS Downgrade Vulnerability

2015-04-29T00:00:00
ID ZDI-15-160
Type zdi
Reporter MWR Labs
Modified 2015-06-22T00:00:00

Description

This vulnerability allows remote attackers to transmit unencrypted traffic on the Amazon App Store. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. All HTML content within the Amazon App Store is transmitted over HTTPS and URIMatchers. The URIMatchers do not limit traffic to HTTPS only; therefore, it is possible to request traffic over HTTP. An attacker can chain this vulnerability with other vulnerabilities to install malicious applications.
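The class of flaw described above, shown as an added example that is not code from the Amazon App Store or from the advisory: a URI allowlist that compares host and path but never the scheme, next to a form that rejects anything other than HTTPS first. The class name, rule structure and example.com hosts are hypothetical and constructed for illustration.

```java
import java.net.URI;
import java.util.List;
import java.util.Locale;

public class SchemeAwareMatcher {
    // Hypothetical allowlist entry: host plus path prefix (constructed values).
    record Rule(String host, String pathPrefix) {}

    static final List<Rule> RULES = List.of(
        new Rule("appstore.example.com", "/content/"));

    // Weak form: compares authority and path only, so the scheme is never examined
    // and an http:// URI for an allowed host passes.
    static boolean matchesIgnoringScheme(URI uri) {
        String host = uri.getHost();
        String path = uri.getPath();
        if (host == null || path == null) return false;
        for (Rule r : RULES) {
            if (host.equalsIgnoreCase(r.host()) && path.startsWith(r.pathPrefix())) return true;
        }
        return false;
    }

    // Hardened form: reject any scheme other than https before consulting the rules.
    // Schemes are case-insensitive, so compare in lower case.
    static boolean matchesHttpsOnly(URI uri) {
        String scheme = uri.getScheme();
        if (scheme == null || !scheme.toLowerCase(Locale.ROOT).equals("https")) return false;
        return matchesIgnoringScheme(uri);
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the advisory.
        String[] samples = {
            "https://appstore.example.com/content/home.html",
            "http://appstore.example.com/content/home.html",
            "HTTP://appstore.example.com/content/home.html",
            "https://other.example.net/content/home.html"
        };
        for (String s : samples) {
            // normalize() collapses "." and ".." segments before the prefix check.
            URI u = URI.create(s).normalize();
            System.out.printf("%-52s weak=%-5b strict=%b%n", s,
                matchesIgnoringScheme(u), matchesHttpsOnly(u));
        }
    }
}
```

Running the class prints, for each sample URI, whether the scheme-blind matcher and the HTTPS-only matcher accept it; the two differ only on the cleartext HTTP inputs for the allowed host.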