Vulnerability Description
This affects the package MintegralAdSDK from 0.0.0. The SDK distributed by the company contains malicious functionality that tracks any URL opened by the app and reports it back to the company, along with performing advertisement attribution fraud. Mintegral can remotely activate hooks on the UIApplication, openURL, SKStoreProductViewController, loadProductWithParameters and NSURLProtocol methods along with anti-debug and proxy detection protection. If those hooks are active MintegralAdSDK sends obfuscated data about every opened URL in an application to their servers. Note that the malicious functionality is enabled even if the SDK was not enabled to serve ads.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mintegral | Mintegraladsdk | >= 0.0.0 |
Related Weaknesses (CWE)
References
- https://snyk.io/blog/sourmint-malicious-code-ad-fraud-and-data-leak-in-ios/Third Party Advisory
- https://snyk.io/research/sour-mint-malicious-sdk/Third Party Advisory
- https://snyk.io/vuln/SNYK-COCOAPODS-MINTEGRALADSDK-598852Third Party Advisory
- https://snyk.io/blog/sourmint-malicious-code-ad-fraud-and-data-leak-in-ios/Third Party Advisory
- https://snyk.io/research/sour-mint-malicious-sdk/Third Party Advisory
- https://snyk.io/vuln/SNYK-COCOAPODS-MINTEGRALADSDK-598852Third Party Advisory
FAQ
What is CVE-2020-7705?
CVE-2020-7705 is a vulnerability with a CVSS score of 7.1 (HIGH). This affects the package MintegralAdSDK from 0.0.0. The SDK distributed by the company contains malicious functionality that tracks any URL opened by the app and reports it back to the company, along ...
How severe is CVE-2020-7705?
CVE-2020-7705 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-7705?
Check the references section above for vendor advisories and patch information. Affected products include: Mintegral Mintegraladsdk.