An attacker with privileged access to the system may be able to trick the user into entering sensitive data. The geofencing API allows third-party apps to detect users’ locations, perform actions (e.g. alerting a loved one when the user arrives home) or track users’ movements. LBS geofencing vulnerability allows an attacker to make a malicious app user’s phone to accurate geofencing detection, which may allow the attacker to steal sensitive data. This vulnerability may allow local attackers to receive notifications of your location and track your movement. An attacker may also be able to make a malicious app user’s phone to accurate geofencing detection, which may allow the attacker to steal sensitive data. This vulnerability may allow remote attackers to receive notifications of your location and track your movement.
Vulnerability overview
The geofencing API allows third-party apps to detect users’ locations, perform actions (e.g. alerting a loved one when the user arrives home) or track users’ movements. With a privileged access, an attacker may be able to make a malicious app user’s phone to accurate geofencing detection, which may allow the attacker to steal sensitive data. This vulnerability allows local attackers to receive notifications of your location and track your movement. An attacker may also be able to make a malicious app user’s phone to accurate geofencing detection, which may allow the attacker to steal sensitive data. This vulnerability allows remote attackers to receive notifications of your location and track your movement.
Timeline
Published on: 11/09/2022 21:15:00 UTC
Last modified on: 11/10/2022 19:16:00 UTC