Texture Canada Unencrypted Third Party Analytics

Credit: David Coomber
Risk: Medium
Local: Yes
Remote: No
CWE: CWE-119

CVSS Base Score: 4/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Texture Canada Android & iOS Applications - Unencrypted Third Party Analytics (CVE-2019-8632) -- https://www.info-sec.ca/advisories/Texture.html Overview "Texture: Unlimited access to over 100 of the world's best magazines on your computer, smartphone or tablet." (https://play.google.com/store/apps/details?id=com.nim.rogers) (https://itunes.apple.com/ca/app/texture-canada/id649174756) Issue The Texture Canada Android & iOS applications (Android version, iOS version 5.11.6 and below) sends potentially sensitive information such as number of app launches, device model, Android or iOS version and screen resolution, unencrypted to a third party site (ScorecardResearch). Impact An attacker who can monitor network traffic could capture potentially sensitive information about the user's device without their knowledge. Timeline July 10, 2018 - Attempted to notify Texture of the issue via security@texture.ca July 10, 2018 - Attempted to notify Texture of the issue via support@texture.ca July 12, 2018 - Provided the details of the issue to Apple via product-security@apple.com May 9, 2019 - Published an advisory to document the issue Solution Upgrade to Android version or iOS version 5.11.10 (U.S. versions are also affected but have not been tested) https://support.apple.com/en-us/HT210110 https://support.apple.com/en-us/HT210111 https://support.apple.com/en-us/HT201222 CVE-ID: CVE-2019-8632

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com


Back to Top