The Google News and Weather application before 3.3.1 for Android allows remote attackers to read OAuth tokens by sniffing the network and leveraging the lack of SSL.
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Link | Tags |
---|---|
https://wwws.nightwatchcybersecurity.com/2017/07/18/advisory-googles-android-news-and-weather-app-doesnt-always-use-ssl-cve-2017-9245/ | third party advisory exploit |
http://seclists.org/fulldisclosure/2017/Jul/36 | mailing list exploit third party advisory |
http://www.securityfocus.com/bid/99892 | vdb entry third party advisory |