PT-2024-16512 · Cosmote Greece · Cosmote Greece What's Up App

Secuserx · Published 2024-11-02 · Updated 2024-11-06 · CVE-2024-10748

CVSS v3.1: 4.7 (Medium)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions
Cosmote Greece What's Up App version 4.47.3

Description
An issue classified as problematic has been found in the Cosmote Greece What's Up App. It affects the Realm Database Handler component, specifically the file gr/desquared/kmmsharedmodule/db/RealmDB.java. Manipulation of the defaultRealmKey argument leads to the use of a default cryptographic key. The attack requires local access, and its complexity is rather high. Exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations
For Cosmote Greece What's Up App version 4.47.3, update to a patched version as soon as possible and rotate encryption keys to mitigate the risk of sensitive data exposure. As a temporary workaround, consider restricting access to the Realm Database Handler component until a patch is available.

Weakness Enumeration
Using Hardcoded Credentials

Related Identifiers
CVE-2024-10748

Affected Products
Cosmote Greece What's Up App