Security Advisory | AppStore Remote Download and Installation Vulnerability
Original release date: 2020-08-05
CVE ID
CVE-2020-12483
CVSS 3.1 Base Score
8.2 High (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)
Description
The appstore exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters.
Software Versions and Fixes
- Software Affected Version Fixed Version
- AppStore Versions earlier than 8.12.0.0 Upgrade to 8.12.0.0 or later
Temporary Fix
NA
Obtaining Fixed Software
The vulnerability can be fixed by performing system updates.
Source
Tencent Mobile Security Lab Zidong Han, Jingwei Han submitted via GeekPwn.
vivo would like to thank them for working with us and coordinated vulnerability disclosure.
Update Records
2020-08-05 V1.0 INITIAL
FAQs
NA
vivo Security Procedures
vivo is committed to providing users with best cyber security products and services, and follows the industrial best practice to handle and publish vunerability information.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.