GSD-2022-1002518
- Import Source
- https://github.com/cloudsecurityalliance/gsd-database/blob/main/2022/1002xxx/GSD-2022-1002518.json
- Withdrawn
- 2023-03-14T07:01:09.290646Z
- Published
- 2022-05-19T10:08:18.152370Z
- Modified
- 2023-03-14T07:01:09.290646Z
- Details
-
In Apple iPhone, iPad version ALL a CWE-158: Improper Neutralization of Null Byte or NUL Character exists in the QR/Barcode Scanner that can be attacked via Phishing, Social engineering resulting in As other scanners checked, such as on various Android devices, escape or strip the QR with embedded NUL - this can lead to various attacks including phishing (Apple users will see something different than other users) and resulting in this vulnerability extending to other applications that rely on the Apple scanner
- References