Bug hits Truecaller app threatening the security of millions of users
By MYBRANDBOOK
A serious vulnerability was discovered in the popular call-blocking application Truecaller that could have threatened the security of millions of users.
It was found out by Indian security researcher Ehraz Ahmed. According to the discovery, the vulnerability allowed a user to plant a URL into the profile picture. Hence, a potential attacker could exploit the flaw to inject a malicious URL to the profile picture. As a result, anyone clicking on the profile would fall victim to the attack.
The researcher further revealed that such attacks could allow the attacker to extract numerous details about the user. This includes fetching the victim’s IP address, user-agent and time without them knowing.
He has also shared a POC of the exploit demonstrating how an attacker could fetch victim’s information.
After having discovered the bug, Truecaller was informed about the matter before going public. Consequently, Truecaller patched the flaw in the app’s API and has released the fix.
“It was recently brought to our attention that there was a small bug in our app services which allowed the modification of one’s own profile in an unintended way. We thank the security researcher for bringing this to our notice and collaborating with us. The bug was immediately fixed. Since it’s a critical bug affecting all Truecaller applications, users must ensure they update their devices with the latest patched versions,” said Truecaller in one of its statements.
Truecaller has also disclosed its plans to announce a bug bounty program soon.
Singapore to remove One-Time Passwords from Bank Accounts
According to the Monetary Authority of Singapore, clients who utilise secur...
Is 375 million Airtel subscribers database breached?
When a hacker claims to have accessed and put up for sale a customer databa...
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
NETWEB TECHNOLOGIES INDIA LTD.
DIGISOL SYSTEMS LTD.
CENTRE FOR DEVELOPMENT OF TELEMATICS (C-DOT)
BPE INDIA PVT. LTD.
Icons Of India : Harsh Jain
Harsh Jain, the co-founder of Dream 11, the largest fantasy sports web...
Icons Of India : ASHISH KUMAR CHAUHAN
Ashish kumar Chauhan, an Indian business executive and administrator, ...
Icons Of India : Deepak Sharma
Deepak Sharma spearheads Schneider Electric India. He brings with him ...
TCIL - Telecommunications Consultants India Limited
TCIL is a government-owned engineering and consultancy company...
NIC - National Informatics Centre
NIC serves as the primary IT solutions provider for the government of ...
EESL - Energy Efficiency Services Limited
EESL is uniquely positioned in India’s energy sector to address ener...
Indian Tech Talent Excelling The Tech World - RAVI KUMAR S, CEO- Cognizant
Ravi Kumar S, appointed as CEO of Cognizant in January 2023, sets the ...
Indian Tech Talent Excelling The Tech World - Rajiv Ramaswami, President & CEO, Nutanix Technologies
Rajiv Ramaswami, President and CEO of Nutanix, brings over 30 years of...
Indian Tech Talent Excelling The Tech World - REVATHI ADVAITHI, CEO- Flex
Revathi Advaithi, the CEO of Flex, is a dynamic leader driving growth ...