Audible Mobile Application Information Disclosure VulnerabilityBy: Beau Woods
Dell SecureWorks Security Advisory SWRX-2011-004
- Title: Audible Mobile Application Information Disclosure Vulnerability
- Advisory ID: SWRX-2011-004
- Date published: Friday, October 28, 2011
- CVE: CVE-2011-4196
- CVSS v2 Base Score: 4.7
- Date of last update: Thursday, October 27, 2011
- Vendors contacted: Audible, Inc.
- Release mode: Coordinated
- Discovered by: Beau Woods, Dell SecureWorks
The Audible for iPhone and iPod Touch (http://www.audible.com/wireless/iphone) and the Audible for Android (http://www.audible.com/wireless/android) applications improperly handle sensitive information. An attacker with physical or logical access to the device or to device backups could obtain the user account information, password, device ID and device serial number.
PGP Signature (PC Users: You may need to right click your mouse and select "Save As")