# Date: 30.04.2014
# Tested on: iOS 7.0.1
# CVE: No assigned yet
# Author: Marek Zmysłowski
# http://browser-shredders.blogspot.com
1. The Puffin Browser (paid version) processing some of the web content on the server side. The vulnerability exist when the "file:///" URL is processed incorrectly, revealing the content of the server side.
2. Proof of Concept
4. Fix
The issue has been fixed on the server side.
5. Timeline
30.04.2014 - vulnerability reported
01.05.2014 - fix
30.05.2014 - public disclosure
No comments:
Post a Comment