Multiple QQ products for Android Security Bypass Vulnerabilities
RISK: Medium Risk
TYPE: Operating Systems - Mobile & Apps
Multiple vulnerabilities have been identified in multiple QQ products for Android, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerabilities are caused by an unspecified error and can be exploited to disclose and manipulate certain sensitive information, e.g. certain QQ account information, friends, messages, SMS call log and search keywords.
Successful exploitation requires that a malicious application is installed.
Impact
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- MobileQQ for Android version 2.2 and prior
- QQPhoto for Android version 0.97 (dated 29-Dec-2011) and prior
- QQPimSecure for Android 3.0.2 and prior
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
For MobileQQ for Android
Update to version 2.3.
For QQPhoto for Android
Update to fixed version 0.97 (dated 4-Jan-2012).
For QQPimSecure for Android
There is no patch available for this vulnerability.
Vulnerability Identifier
Source
Related Link
- http://secunia.com/advisories/47829/
- http://secunia.com/advisories/47836/
- http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4863-vulnerability-in-QQPimSecure.html
- http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4864-vulnerability-in-MobileQQ.html
- http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4867-vulnerability-in-QQPhoto.html