CVE-2020-7705

This affects the package MintegralAdSDK from 0.0.0. The SDK distributed by the company contains malicious functionality that tracks any URL opened by the app and reports it back to the company, along with performing advertisement attribution fraud. Mintegral can remotely activate hooks on the UIApplication, openURL, SKStoreProductViewController, loadProductWithParameters and NSURLProtocol methods along with anti-debug and proxy detection protection. If those hooks are active MintegralAdSDK sends obfuscated data about every opened URL in an application to their servers. Note that the malicious functionality is enabled even if the SDK was not enabled to serve ads.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mintegral:mintegraladsdk:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:37

Type Values Removed Values Added
References () https://snyk.io/blog/sourmint-malicious-code-ad-fraud-and-data-leak-in-ios/ - Third Party Advisory () https://snyk.io/blog/sourmint-malicious-code-ad-fraud-and-data-leak-in-ios/ - Third Party Advisory
References () https://snyk.io/research/sour-mint-malicious-sdk/ - Third Party Advisory () https://snyk.io/research/sour-mint-malicious-sdk/ - Third Party Advisory
References () https://snyk.io/vuln/SNYK-COCOAPODS-MINTEGRALADSDK-598852 - Third Party Advisory () https://snyk.io/vuln/SNYK-COCOAPODS-MINTEGRALADSDK-598852 - Third Party Advisory
CVSS v2 : 5.8
v3 : 8.1
v2 : 5.8
v3 : 7.1

Information

Published : 2020-08-24 18:15

Updated : 2024-11-21 05:37


NVD link : CVE-2020-7705

Mitre link : CVE-2020-7705

CVE.ORG link : CVE-2020-7705


JSON object : View

Products Affected

mintegral

  • mintegraladsdk
CWE
CWE-1021

Improper Restriction of Rendered UI Layers or Frames