Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-COCOAPODS-MINTEGRALADSDK-598852
- published 24 Aug 2020
- disclosed 18 Aug 2020
- credit Snyk Security Team
How to fix?
MintegralAdSDK to version 18.104.22.168 or higher.
MintegralAdSDK is a malicious package. The SDK distributed by the company contains malicious functionality that tracks any URL opened by the app and reports it back to the company, along with performing advertisement attribution fraud.
Mintegral can remotely activate hooks on the
NSURLProtocol methods along with anti-debug and proxy detection protection. If those hooks are active
MintegralAdSDK sends obfuscated data about every opened URL in an application to their servers.
Note that the malicious functionality is enabled even if the SDK was not enabled to serve ads.