Zack Whittaker

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned. **Description** The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an Insecure Direct Object Reference (IDOR) issue. This means that the system fails to properly validate access to specific objects, potentially allowing unauthorized access or manipulation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HUAWEI HiLink APP (for IOS) versions prior to 5.0.25.306 HUAWEI Tech Support APP (for IOS) versions prior to 5.0.0 **Description** The issue allows an attacker to collect information about the iPhone model and firmware version when an iPhone with the affected apps installed connects to a Wi-Fi hotspot built by the attacker. **Recommendations** For HUAWEI HiLink APP (for IOS) versions prior to 5.0.25.306, update to version 5.0.25.306 or later. For HUAWEI Tech Support APP (for IOS) versions prior to 5.0.0, update to version 5.0.0 or later.