Title: |
Vulnerability in Nimbuzz for Android |
Time: |
02 Dec 2011 |
Author: |
Daoyuan Wu*, Xiapu Luo* and Rocky K. C. Chang |
|
Department of Computing, The Hong Kong Polytechnic University, Hong Kong |
|
* authors with equal contributions |
CVE ID: |
CVE-2011-4702 |
Category: |
To Be Confirmed
|
Related Vendor: |
Nimbuzz B.V. |
Archive Time: |
December 2, 2011 HKT |
Package Name: |
com.nimbuzz |
Full Name: |
Nimbuzz |
Affected Version: |
2.0.8 and 2.0.10 (the latest version in 02 Dec 2011) |
Package Installs: |
1,000,000 - 5,000,000 |
Market Link: |
https://market.android.com/details?id=com.nimbuzz |
Status: |
Breif impact description now releases to public.
|
Breif Description: |
Allow a malicious application to access and manipulate the user’s contacts. |
Contact Time: |
Dec 16, 2011 at 3:05 PM HKT
|
Confirm Time: |
No reply, although we have notified them. |
Patched Time: |
Unknown |
Patched Status: |
Unknown |
Although we only mention one or several affected version in our report, other versions may also be vulnerable, e.g. lower version, pad version or paid version.