CVE-2024-43201 Information

Description

The Planet Fitness Workouts iOS and Android mobile apps prior to version 9.8.12 (released on 2024-07-25) fail to properly validate TLS certificates allowing an attacker with appropriate network access to obtain session tokens and sensitive information.

Reference

https://apps.apple.com/us/app/planet-fitness-workouts/id399857015 url https://dontvacuum.me/bugs/pf/ url