Alberta : Security Vulnerabilities, CVEs, Published In 2020
OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote attackers to conduct long-term re-identification attacks and possibly have unspecified other impact, because of how Bluetooth is used.
Max CVSS
9.8
EPSS Score
0.89%
Published
2020-05-18
Updated
2020-05-20
The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call. The ABTraceTogether (Alberta), ProteGO (Poland), and TraceTogether (Singapore) apps were also affected.
Max CVSS
6.5
EPSS Score
0.11%
Published
2020-05-14
Updated
2021-07-21
2 vulnerabilities found