N/A

The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

N/A

N/A

Access CX App for Android和for iOS 安全漏洞

Access CX App for Android和Access CX App for iOS都是专用于证券交易的应用程序。前者是用于Android系统；后者是用于iOS系统。 Access CX App for Android 2.0.0.1之前的版本和Access CX App for iOS 2.0.2之前的版本中存在安全漏洞，该漏洞源于程序没有验证SSL服务器的X.509证书。攻击者可借助特制的证书利用该漏洞实施中间人攻击，冒充服务器并获取敏感信息。

N/A

N/A