Wednesday, April 17, 2024

Vulnerability with VLC for iOS Allows Attackers to Steal Data from Storage

A vulnerability with VLC for iOS allows local attackers to steal the data from the storage by just having the source URL/IP.

The vulnerability was discovered by the security researcher Dhiraj and the flaw resides in the functionality of the application for iOS.

Vulnerability with VLC for iOS

According to the researcher, the “VLC for iOS was vulnerable to an unauthenticated insecure direct object reference“, an attacker can exploit this vulnerability by just changing the “id”, “pid”, “uid” in the URL.

So the website or the application saves the request and it goes to the database and fetches different records than the permitted for the user.

Here the vulnerability resides in the functionality that allows users to share files with others over WiFi.

If two users sharing the video over Wi-Fi using vlc-iOS and the third user by just having the source IP can trigger a successfully unauthenticated IDOR.

It is a free VLC media player to iPad, iPhone, and iPod touch. It is a free open source cross-platform multimedia player and framework that plays most multimedia files.

The bug has been reported to VLC and it was fixed with version Version 3.2.7, which was released on March 25th.

Along with this, they fixed other bugs, here you can get the complete details.


Latest articles

LightSpy Hackers Target Indian Apple Device Users To Steal Sensitive Data

Hackers target Apple device users because they are perceived to be of higher social...

Trustifi’s Email Security Awareness Training – Empowering MSPs to Train & Protect Clients

In today's digital landscape, email security has become a critical concern for businesses of...

Personal Data Exposed in Massive Global Hack: Understanding the Implications & Guarding Privacy- Axios Security Group

In a digital age where information is the new currency, the recent global hack...

Ex-Security Engineer Jailed For Hacking Decentralized Cryptocurrency Exchanges

Ahmed exploited a vulnerability in a decentralized cryptocurrency exchange's smart contract by injecting fabricated...

Omni Hotels & Resorts Hack: Attackers have Stolen Customer Information

Omni Hotels & Resorts has revealed that it was the target of a recent...

Connect:fun Attacking Organizations Running Fortinet’s FortiClient EMS

A new exploit campaign has emerged, targeting organizations that utilize Fortinet’s FortiClient EMS.Dubbed...

TA558 Hackers Compromised 320+ Organizations’ FTP & SMTP Servers

TA558, a financially motivated threat actor identified in 2018, is targeting several countries but...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles