Jmaxxz

**Name of the Vulnerable Software and Affected Versions** AutoMobility MyCar versions prior to 3.4.24 on iOS AutoMobility MyCar versions prior to 4.1.2 on Android **Description** The mobile application contains hard-coded admin credentials, allowing a remote unauthenticated attacker to send commands to and retrieve data from a target unit. This may enable the attacker to learn the location of a target or gain unauthorized physical access to a vehicle. **Recommendations** For AutoMobility MyCar versions prior to 3.4.24 on iOS, update to version 3.4.24 or later. For AutoMobility MyCar versions prior to 4.1.2 on Android, update to version 4.1.2 or later.