CVE-2022-44549 The LBS module has a vulnerability in geofencing API access

CVE-2022-44549 The LBS module has a vulnerability in geofencing API access

An attacker with privileged access to the system may be able to trick the user into entering sensitive data. The geofencing API allows third-party apps to detect users’ locations, perform actions (e.g. alerting a loved one when the user arrives home) or track users’ movements. LBS geofencing vulnerability allows an attacker to make a malicious app user’s phone to accurate geofencing detection, which may allow the attacker to steal sensitive data. This vulnerability may allow local attackers to receive notifications of your location and track your movement. An attacker may also be able to make a malicious app user’s phone to accurate geofencing detection, which may allow the attacker to steal sensitive data. This vulnerability may allow remote attackers to receive notifications of your location and track your movement.

Vulnerability overview

The geofencing API allows third-party apps to detect users’ locations, perform actions (e.g. alerting a loved one when the user arrives home) or track users’ movements. With a privileged access, an attacker may be able to make a malicious app user’s phone to accurate geofencing detection, which may allow the attacker to steal sensitive data. This vulnerability allows local attackers to receive notifications of your location and track your movement. An attacker may also be able to make a malicious app user’s phone to accurate geofencing detection, which may allow the attacker to steal sensitive data. This vulnerability allows remote attackers to receive notifications of your location and track your movement.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe