Critical vulnerability discovered in the App Store and iTunes [video]

Vulnerability Lab expert Benjamin Kunz Mejri has discovered a dangerous vulnerability in the invoicing system of the App Store and iTunes; exploiting it can lead to session hijacking and manipulation of invoices, Securitylab reports. The flaw stems from incorrect data validation on the application side and allows a remote attacker to inject malicious code into the vulnerable function and service modules.

According to Mejri, an attacker can exploit the vulnerability by replacing the name value in the invoice (the name under which the product is sold) with malicious code. When products are purchased in Apple's stores, a server application encodes the name value under certain conditions in order to generate the invoice before sending it to the seller. This vulnerability could allow remote code execution on the application side.

Since the invoice is issued to both the seller and the buyer, both of them, as well as the developers and operators of the site, are at risk, Mejri is certain. Attackers can exploit the vulnerability for session hijacking, phishing attacks, redirection to third-party sources and manipulation of vulnerable or connected service modules.

The researcher has presented a video demonstrating exploitation of the flaw and has also published detailed instructions.
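
The flaw class described above, a user-controlled name value reaching a generated invoice without proper validation, can be shown next to its fix. This is an added example, not code from Apple, the researcher or the original article. It assumes the invoice is rendered as HTML; the function names, the allowlist pattern and the sample names are hypothetical and constructed for illustration.

```python
import html
import re

# Constructed sample names as they might arrive from a client (not real data).
SAMPLE_NAMES = [
    "Kitchen iPad",
    'Phone"><script src=//example.invalid/x.js></script>',
]

# Hypothetical allowlist for a display name: word characters, spaces, a few marks.
NAME_OK = re.compile(r"[\w .,'()\-]{1,64}")


def render_invoice_unsafe(name: str, amount: str) -> str:
    """Flawed pattern: the name value is concatenated into markup as-is."""
    return f"<tr><td>{name}</td><td>{amount}</td></tr>"


def render_invoice_safe(name: str, amount: str) -> str:
    """Encode every untrusted field for the HTML context at output time."""
    safe_name = html.escape(name, quote=True)
    safe_amount = html.escape(amount, quote=True)
    return f"<tr><td>{safe_name}</td><td>{safe_amount}</td></tr>"


def validate_name(name: str) -> bool:
    """Input-side check: reject names outside the allowlist before storing them."""
    return NAME_OK.fullmatch(name) is not None


def audit(names):
    """Per name: (name, passes validation, raw script tag survives safe rendering)."""
    rows = []
    for n in names:
        rendered = render_invoice_safe(n, "0.99")
        rows.append((n, validate_name(n), "<script" in rendered))
    return rows


if __name__ == "__main__":
    for row in audit(SAMPLE_NAMES):
        print(row)
```

Validation and output encoding are independent layers: the allowlist keeps bad values out of storage, while encoding at render time protects every recipient of the invoice even if a bad value is already stored.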