CVE-2015-5655 Information

Description

The Adways Party Track SDK before 1.6.6 for iOS does not verify X.509 certificates from SSL servers which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Reference

http://jvn.jp/en/jp/JVN48211537/995687/index.html http://jvn.jp/en/jp/JVN48211537/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000159