The method moveItem in GCDWebUploader class checks the FileExtension of newAbsolutePath but not the oldAbsolutePath. By taking this error, adversary can make un-accessible file to be available, credential of the app for instance. I have found real app affected by this vulnerability.
The text was updated successfully, but these errors were encountered:
The method moveItem in GCDWebUploader class checks the FileExtension of newAbsolutePath but not the oldAbsolutePath. By taking this error, adversary can make un-accessible file to be available, credential of the app for instance. I have found real app affected by this vulnerability.
The text was updated successfully, but these errors were encountered: