(Mobile Pwn2Own) Amazon App Store HTTPS Downgrade Vulnerability

ID ZDI-15-160
Type zdi
Reporter MWR Labs
Modified 2015-06-22T00:00:00


This vulnerability allows remote attackers to transmit unencrypted traffic on the Amazon App Store. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. All the HTML content within the Amazon App Store is transmitted over HTTPS and URIMatchers. The URIMatchers do not limit traffic to only HTTPS; Therefore, it is possible to request traffic over HTTP. An attacker can chain this vulnerability with other vulnerabilities to install malicious applications.