Planet Fitness · Planet Fitness Workouts · CVE-2024-43201
**Name of the Vulnerable Software and Affected Versions**
The Planet Fitness Workouts iOS and Android mobile apps versions prior to 9.8.12
**Description**
The issue is related to the failure of the Planet Fitness Workouts iOS and Android mobile apps to properly validate TLS certificates. This allows an attacker with appropriate network access to obtain session tokens and sensitive information.
**Recommendations**
For versions prior to 9.8.12, update to version 9.8.12 or later to resolve the issue. As a temporary workaround, consider restricting network access to the app until the update is applied.