It seems that there’s a wave of iOS and macOS vulnerabilities being uncovered by security researchers. The latest one concerns Automatic Call Recorder, an iOS call recording application which contained a bug that could give access to users’ conversations. The only thing needed to exploit the bug is providing the correct phone number.
Bug in Automatic Call Recorder iOS App
The vulnerability was reported by security researcher Anand Prakash, and is already fixed. The app itself is quite popular among iPhone users, and it is ranked at number 15 in the Apple store’s Business category. Its popularity and widespread use make the bug’s impact significant.
How was Automatic Call Recorder’s bug discovered?
Prakash and PingSafe’s AI threat intelligence discovered the vulnerability while performing open-source intelligence across mobile apps in various categories. “PingSafe AI decompiled the IPA file and figured out S3 buckets, host names and other sensitive details used by the application,” the report says.
What did the vulnerability allow?
The bug could enable threat actors to eavesdrop on users’ call recordings from app’s the cloud storage bucket. An unauthenticated API endpoint leaked the cloud storage URL.
In technical terms, the flaw resided in the “/fetch-sinch-recordings.php” API endpoint of the “Automatic Call Recorder” application. “An attacker can pass another user’s number in the recordings request and the API will respond with recording url of the storage bucket without any authentication. It also leaks victim’s entire call history and the numbers on which calls were made,” the report explains.
Just few days ago, we reported the existence of a new vulnerability affecting iOS, macOS, watchOS, and Safari browser: CVE-2021-1844. The vulnerability was discovered by two researchers: Clément Lecigne of Google’s Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research. Triggered by a memory corruption problem, the bug could cause arbitrary code execution while processing specially crafted web content. The issue was fixed with improved validation.
You can also read our overview of Apple’s privacy so far in 2021.