Location Permission Spoofing Vulnerability in Opera Mini for Android
CVE-2018-16135

6.5MEDIUM

Key Information:

Vendor: Opera
Status: Opera Mini
Vendor: CVE Published:; 26 December 2022

Badges

👾 Exploit Exists

Summary

A vulnerability in the Opera Mini application for Android allows malicious actors to manipulate the Location Permission dialog. By crafting a deceptive website, attackers can spoof user location permissions, leading to unauthorized access to geolocation data and potential exploitation of sensitive information. It is essential for users to remain vigilant and ensure their applications are updated to mitigate risks associated with such vulnerabilities.

References

https://payatu.com/advisory/opera-mini-location-permissio...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 26, 2022
🟡
Public PoC available
Mar 21, 2020
👾
Exploit known to exist
Mar 21, 2020
Vulnerability Reserved
Aug 29, 2018