Open Redirect Vulnerability in Shazam Mobile Apps
CVE-2019-8791

6.1MEDIUM

Key Information:

Vendor: Apple
Status: Shazam-android; Shazam-iOS
Vendor: CVE Published:; 18 December 2019

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A vulnerability exists in Shazam's mobile applications related to improper validation of URL schemes. This flaw allows for the processing of specially crafted URLs, potentially enabling an attacker to redirect users to unintended locations. Shazam has addressed this issue by enhancing URL validation in updates to both its Android and iOS applications.

Affected Version(s)

Shazam-Android < unspecified

Shazam-iOS < unspecified

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Shazam-CVE-2019-8791-CVE-2019-8792
Created by ashleykinguk

References

https://support.apple.com/HT210744

x_refsource_MISC

https://support.apple.com/HT210745

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

🟡
Public PoC available
Jan 17, 2021
👾
Exploit known to exist
Jan 17, 2021
Vulnerability published
Dec 18, 2019
Vulnerability Reserved
Feb 18, 2019