Malicious Package Affecting mintegraladsdk package, versions <6.6.0.0
Snyk CVSS
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-COCOAPODS-MINTEGRALADSDK-598852
- published 24 Aug 2020
- disclosed 18 Aug 2020
- credit Snyk Security Team
Introduced: 18 Aug 2020
CVE-2020-7705 Open this link in a new tabHow to fix?
Upgrade MintegralAdSDK
to version 6.6.0.0 or higher.
Overview
MintegralAdSDK is a malicious package. The SDK distributed by the company contains malicious functionality that tracks any URL opened by the app and reports it back to the company, along with performing advertisement attribution fraud.
Mintegral can remotely activate hooks on the UIApplication
, openURL
, SKStoreProductViewController
, loadProductWithParameters
and NSURLProtocol
methods along with anti-debug and proxy detection protection. If those hooks are active MintegralAdSDK
sends obfuscated data about every opened URL in an application to their servers.
Note that the malicious functionality is enabled even if the SDK was not enabled to serve ads.