CVE-2017-3182

Name of the Vulnerable Software and Affected Versions: ThreatMetrix SDK versions prior to 3.2

Description: The issue concerns the failure to validate SSL certificates provided by HTTPS connections, potentially allowing an attacker to perform a man-in-the-middle (MITM) attack. ThreatMetrix is a security library for mobile applications aimed at providing fraud prevention and device identity capabilities. An affected application communicates with "https://h-sdk.online-metrix.net" regardless of the connection's security. This could enable an attacker on the same network or upstream from the iOS device to view or modify ThreatMetrix network traffic that should have been protected by HTTPS.

Recommendations: For ThreatMetrix SDK versions prior to 3.2, update to version 3.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the https://h-sdk.online-metrix.net endpoint until the update is applied.