The vulnerable versions are v2.2.2.1611 and earlier Proof of Concept:HTML Email including the following payload will execute Javascript statements when the victim open the email using the vulnerable version. Payload:
< script >alert('XSS Here')< / script>
Remediation:I worked with the Good people to close the issue, I provided some guidance and feedback and agreed with them to not disclose it until they fix it.The new release is now available:Update the "Good for Enterprise" iOS application to 2.2.4.1659 or newer References:https://www.roblest.com/#research:CVE-2013-5118 Can the comunity please provide feedback and comments in order to ensure the fix is working wellMany thanksMario
View the original article here
Showing posts with label Enterprise. Show all posts
Showing posts with label Enterprise. Show all posts
RSS Feed
Twitter
Facebook