PT-2024-36015 · Unknown · Skylark App For Ios+1

Ryo Sato

Published

2024-12-05

Updated

2024-12-05

CVE-2024-54014

CVSS v3.1

3.6

Low

Vector

AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Skylark App for Android versions 6.2.13 and earlier Skylark App for iOS versions 6.2.13 and earlier

Description: The issue is related to improper authorization in the handler for a custom URL scheme, allowing an attacker to lead the application to access an arbitrary web site via another application installed on the user's device.

Recommendations: For Skylark App for Android versions 6.2.13 and earlier, consider restricting access to custom URL schemes until a patch is available. For Skylark App for iOS versions 6.2.13 and earlier, consider restricting access to custom URL schemes until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-939

Related Identifiers

CVE-2024-54014

Affected Products

Skylark App For Android

Skylark App For Ios

PT-2024-36015 · Unknown · Skylark App For Ios+1

CVE-2024-54014

Weakness Enumeration

Related Identifiers

Affected Products

References · 6