CAN-2022-1002518

Source
https://github.com/cloudsecurityalliance/gsd-database/blob/main/2022/1002xxx/GSD-2022-1002518.json
Published
2022-05-19T10:08:18.152370Z
Modified
2022-05-19T10:08:18.152370Z
Details

In Apple iPhone, iPad version ALL a CWE-158: Improper Neutralization of Null Byte or NUL Character exists in the QR/Barcode Scanner that can be attacked via Phishing, Social engineering resulting in As other scanners checked, such as on various Android devices, escape or strip the QR with embedded NUL - this can lead to various attacks including phishing (Apple users will see something different than other users) and resulting in this vulnerability extending to other applications that rely on the Apple scanner

References

Affected packages

GSD / iPhone, iPad

iPhone, iPad

Affected ranges

Affected versions

Other

ALL