PT-2018-4810 · Unknown · Apk-Parser2
Published
2018-06-01
·
Updated
2019-10-09
·
CVE-2016-10632
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
apk-parser2 versions prior to the latest version, as no specific fixed version is mentioned and the package has not been updated since 2014.
Description
The issue concerns the insecure download of binary resources over HTTP, making it susceptible to man-in-the-middle (MITM) attacks. This could potentially lead to remote code execution (RCE) if an attacker intercepts and replaces the requested binary with a malicious one, particularly when the attacker has a privileged network position.
Recommendations
For all affected versions of apk-parser2, consider the following:
- Avoid using this package if possible, and opt for a different package instead.
- As a mitigation measure, reduce the risk of exploitation by avoiding the installation of this package while connected to a public network.
- If the package is installed on a private network, be aware that only those who have compromised the network or have privileged access to the ISP can exploit this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Encryption of Sensitive Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Apk-Parser2