>

>

Security Advisory

>

Details

Security Advisory | AppStore Remote Download and Installation Vulnerability

Original release date: 2020-08-05

CVE ID

CVE-2020-12483

CVSS 3.1 Base Score

8.2 High (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)

Description

The appstore exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters.

Software Versions and Fixes

Software Affected Version Fixed Version
AppStore Versions earlier than 8.12.0.0 Upgrade to 8.12.0.0 or later

Temporary Fix

NA

Obtaining Fixed Software

The vulnerability can be fixed by performing system updates.

Source

Tencent Mobile Security Lab Zidong Han, Jingwei Han submitted via GeekPwn.

vivo would like to thank them for working with us and coordinated vulnerability disclosure.

Update Records

2020-08-05 V1.0 INITIAL

FAQs

NA

vivo Security Procedures

vivo is committed to providing users with best cyber security products and services, and follows the industrial best practice to handle and publish vunerability information.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.