PT-2018-13126 · Ola Cabs · Ola Money
Published 2018-08-21 · Updated 2024-08-05 · CVE-2018-15660
CVSS v3.1: 5.9 Medium
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Ola Money (aka com.olacabs.olamoney) version 1.9.0
Description
An issue was discovered in the Ola Money application for Android. If an attacker controls an application with accessibility permissions, then the attacker can read certain Ola Money data such as a credit card number, expiration date, bank account number, and transaction history. The vendor does not agree that this is a security issue requiring a fix.
Recommendations
For Ola Money version 1.9.0, consider restricting the use of accessibility permissions to minimize the risk of exploitation. As a temporary workaround, review and limit the permissions granted to other applications to prevent potential data access. At the moment, there is no information about a newer version that contains a fix for this issue.
Affected Products
Ola Money