CVE-2018-10812

Name of the Vulnerable Software and Affected Versions Bitpie application versions prior to 3.2.5

Description The issue allows local users to steal digital currency by accessing sensitive data stored in cleartext. On Android, this can be done by reading /com.biepie/shared prefs/com.bitpie preferences.xml with root access. On iOS, the data can be obtained from a plist file in the app data folder.

Recommendations For versions prior to 3.2.5, update to version 3.2.5 or later to resolve the issue. As a temporary workaround, consider restricting root access to the device to minimize the risk of exploitation.