This affects the package MintegralAdSDK from 0.0.0. The SDK distributed by the company contains malicious functionality that tracks any URL opened by the app and reports it back to the company, along with performing advertisement attribution fraud. Mintegral can remotely activate hooks on the UIApplication, openURL, SKStoreProductViewController, loadProductWithParameters and NSURLProtocol methods along with anti-debug and proxy detection protection. If those hooks are active MintegralAdSDK sends obfuscated data about every opened URL in an application to their servers. Note that the malicious functionality is enabled even if the SDK was not enabled to serve ads.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2020-08-24T17:15:15.656010Z
Updated: 2024-09-16T19:46:34.178Z
Reserved: 2020-01-21T00:00:00
Link: CVE-2020-7705
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-08-24T18:15:10.143
Modified: 2020-09-02T14:53:50.817
Link: CVE-2020-7705
Redhat
No data.