Injection Vulnerability in Shazam Android and iOS Apps by Apple
CVE-2019-8792

8.8HIGH

Key Information:

Vendor: Apple
Status: Shazam-android; Shazam-iOS
Vendor: CVE Published:; 18 December 2019

Summary

A significant injection vulnerability has been identified in the Shazam applications for Android and iOS. This vulnerability arises due to insufficient validation, which may allow an attacker to craft a malicious URL. If processed by the affected app versions, this can lead to the execution of arbitrary JavaScript code, potentially compromising user data and app integrity. The issue has been addressed in the latest updates, with users urged to upgrade to ensure protection against this threat.

Affected Version(s)

Shazam-Android < unspecified

Shazam-iOS < unspecified

References

https://support.apple.com/HT210744

x_refsource_MISC

https://support.apple.com/HT210745

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 18, 2019
Vulnerability Reserved
Feb 18, 2019