Alyssa Miller

**Name of the Vulnerable Software and Affected Versions** MintegralAdSDK versions prior to 6.6.0.0 **Description** The issue concerns malicious functionality within the SDK that acts as a backdoor, allowing Mintegral and its partners to remotely execute arbitrary code on a user's device. This enables them to perform unauthorized actions on the device. **Recommendations** For versions prior to 6.6.0.0, update to version 6.6.0.0 or later to resolve the issue. As a temporary workaround, consider restricting or disabling the use of the MintegralAdSDK until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** com.mintegral.msdk:alphab (affected versions not specified) **Description** The Android SDK contains malicious functionality that tracks downloads from Google URLs, including file downloads, e-mail attachments, and Google Docs links, as well as all APK downloads. The module listens to download events in Android's download manager and detects if the downloaded file's URL contains google.com or comes from a Google app, or ends with .apk for APK downloads. The captured data is sent back to Mintegral's servers. This functionality runs even when the app is not in focus, i.e., in the background. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MintegralAdSDK versions 0.0.0 and later **Description** The issue concerns malicious functionality within the MintegralAdSDK that tracks and reports any URL opened by the app, facilitating advertisement attribution fraud. The SDK can remotely activate hooks on various methods, including `UIApplication`, `openURL`, `SKStoreProductViewController`, `loadProductWithParameters`, and `NSURLProtocol`, along with employing anti-debug and proxy detection protection. If these hooks are active, the MintegralAdSDK sends obfuscated data about every opened URL to its servers, even if the SDK is not enabled for serving ads. **Recommendations** For MintegralAdSDK version 0.0.0, consider disabling the SDK until a patch is available to prevent the malicious functionality from tracking and reporting URL openings. As a temporary workaround, restrict access to the `UIApplication`, `openURL`, `SKStoreProductViewController`, `loadProductWithParameters`, and `NSURLProtocol` methods to minimize the risk of exploitation. Avoid using the MintegralAdSDK for serving ads until the issue is resolved to prevent advertisement attribution fraud.