Panda Mobile Security for iOS CVE-2017-8060 TLS Certificate Validation Security Bypass Vulnerability

Panda Mobile Security for iOS is prone to a security-bypass vulnerability.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks and bypass certain security restrictions.

Panda Mobile Security for iOS 1.1 is vulnerable.

Information

Bugtraq ID: 98327
Class: Design Error
CVE: CVE-2017-8060

Remote: Yes
Local: No
Published: May 05 2017 12:00AM
Updated: May 05 2017 12:00AM
Credit: Will Strafach
Vulnerable: Panda Mobile Security 1.1

Not Vulnerable:

Exploit

An attacker can exploit this issue using readily available tools.

References:

• Panda Homepage (Panda)
  
• Follow up: 76 Popular Apps Confirmed Vulnerable to Silent Interception of TLS-Pr (medium.com)
  

Source: www.securityfocus.com