Bug hits Truecaller app threatening the security of millions of users
By MYBRANDBOOK
A serious vulnerability was discovered in the popular call-blocking application Truecaller that could have threatened the security of millions of users.
It was found out by Indian security researcher Ehraz Ahmed. According to the discovery, the vulnerability allowed a user to plant a URL into the profile picture. Hence, a potential attacker could exploit the flaw to inject a malicious URL to the profile picture. As a result, anyone clicking on the profile would fall victim to the attack.
The researcher further revealed that such attacks could allow the attacker to extract numerous details about the user. This includes fetching the victim’s IP address, user-agent and time without them knowing.
He has also shared a POC of the exploit demonstrating how an attacker could fetch victim’s information.
After having discovered the bug, Truecaller was informed about the matter before going public. Consequently, Truecaller patched the flaw in the app’s API and has released the fix.
“It was recently brought to our attention that there was a small bug in our app services which allowed the modification of one’s own profile in an unintended way. We thank the security researcher for bringing this to our notice and collaborating with us. The bug was immediately fixed. Since it’s a critical bug affecting all Truecaller applications, users must ensure they update their devices with the latest patched versions,” said Truecaller in one of its statements.
Truecaller has also disclosed its plans to announce a bug bounty program soon.
BHIM to join e-commerce, competing with PhonePe and Google Pay
The government-supported payment software BHIM is getting ready to join t...
The latest version of X helps prevent deepfakes on social medi
To combat deepfakes and shallowfakes, Elon Musk revealed a new update t...
India and Namibia collaborate on a payment system similar to U
Once operational, the platform will enable digital transactions in Namibia,...
Sebi issues show-cause notices to six Adani group firms
Sebi issued show-cause notices to six Adani Group firms, including Adani ...
QUICK HEAL TECHNOLOGIES PVT. Ltd.
ATRIE TECHNOLOGY PVT. LTD.
NUMERIC INDIA, A Group Brand Legrand
SAMSUNG INDIA ELECTRONICS PVT. LTD.
Technology Icons Of India 2023: Shailendra Katyal
Shailendra is instrumental in Lenovo achieving the no.1 position in PC...
Technology Icons Of India 2023: Rajiv Srivastava
Rajiv Srivastava is the Managing Director of Redington Group. With 35 ...
Technology Icons Of India 2023: Sridhar Vembu
Sridhar Vembu is an Indian billionaire business magnate and the Founde...
GeM maintains transparency in online procurement of goods & services
Created in a record time of five months, Government eMarketplace is a ...
TCIL continues to strengthen India with its technology expertise
TCIL undertakes consultancy & turnkey projects in the field of Telecom...
Leading company into fertilizers in the country
NFL is a dynamic organization committed to serve the farming community...
M. TECH SOLUTIONS (I) PVT. LTD.
M.Tech is a leading cyber security and network performance solutions ...
INGRAM MICRO INDIA PVT. LTD.
Ingram Micro India, a large national distributor offers a comprehensiv...
BEETEL TELETECH LTD.
: Beetel is one of the oldest and most reputed brands in the Industry,...