惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
The Exploit Database - CXSecurity.com
F
Fortinet All Blogs
U
Unit 42
F
Full Disclosure
雷峰网
雷峰网
博客园 - 司徒正美
云风的 BLOG
云风的 BLOG
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
Tailwind CSS Blog
The Cloudflare Blog
Last Week in AI
Last Week in AI
罗磊的独立博客
D
DataBreaches.Net
C
Check Point Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
O
OpenAI News
C
CXSECURITY Database RSS Feed - CXSecurity.com
aimingoo的专栏
aimingoo的专栏
S
Security @ Cisco Blogs
大猫的无限游戏
大猫的无限游戏
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
S
SegmentFault 最新的问题
NISL@THU
NISL@THU
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
The Hacker News
The Hacker News
Webroot Blog
Webroot Blog
Security Latest
Security Latest
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Google DeepMind News
Google DeepMind News
酷 壳 – CoolShell
酷 壳 – CoolShell
N
News | PayPal Newsroom
P
Proofpoint News Feed
B
Blog RSS Feed
MongoDB | Blog
MongoDB | Blog
C
Cybersecurity and Infrastructure Security Agency CISA
N
News and Events Feed by Topic
Google Online Security Blog
Google Online Security Blog
H
Help Net Security
Spread Privacy
Spread Privacy
T
Threat Research - Cisco Blogs
GbyAI
GbyAI
I
Intezer
Application and Cybersecurity Blog
Application and Cybersecurity Blog
M
MIT News - Artificial intelligence
Vercel News
Vercel News
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
IT之家
IT之家
MyScale Blog
MyScale Blog
腾讯CDC

Comments for Cyber Security News

10 Dangerous DNS Attacks Types & Prevention Measures - 2026 10 Dangerous DNS Attacks Types & Prevention Measures - 2026 10 Best Vulnerability Assessment and Penetration Testing (VAPT) Tools in 2026 10 Best Vulnerability Assessment and Penetration Testing (VAPT) Tools in 2026 Top 10 Best Google Alternatives In 2026 Top 10 Best Google Alternatives In 2026 What is SYN Attack? How Does the Attack Works ? What is SYN Attack? How Does the Attack Works ? What is the Difference Between Authentication vs Authorization? What is the Difference Between Authentication vs Authorization? Comment on SOC1 vs SOC2 – Cyber Threat Intelligence Guide by jo3 Data Encryption: Why Is It So Important? Data Encryption: Why Is It So Important? Unprotected US Critical Infrastructure Can be Hacked By Anyone - A Shocking Report Vulnerability in Million Times Downloaded iPhone app Let Attacker Listen to any User's Call Recording FBI Could use a Tool to Access Private Signal Messages on iPhones FBI Could use a Tool to Access Private Signal Messages on iPhones GDPR & HIPAA Compliance - Key Similarities and Differences in the Compliance Requirements Unprotected US Critical Infrastructure Can be Hacked By Anyone - A Shocking Report
Vulnerability in Million Times Downloaded iPhone app Let Attacker Listen to any User's Call Recording
Guru Baran · 2021-03-13 · via Comments for Cyber Security News

The “Automatic call recorder” application is one of the popular applications used by iPhone users to record their calls. The app is among top-grossing in the Business category of App Store currently #15 in the downloads in the Business Category worldwide.

PingSafe AI, a security company that monitors multiple breaches in real-time, has uncovered a critical vulnerability in the iPhone automatic call recorder application that exposed thousands of users’ recorded calls.

The Call Recorder app-enabled third-parties to access a user’s entire library of recordings, just by knowing their phone number. Apple doesn’t offer call recording as a stock feature on the iPhone, so those wishing to do so easily need an app to facilitate the function.

Features of the Automatic Call Recorder App

  • Organize recordings files into categories
  • Edit recording audio
  • Upload recordings to slack
  • Upload recordings to Google Drive, Dropbox, Onedrive
  • Speech-to-text recording audios in over 50 languages

In the Call Recorder application, users can record

  • Incoming/outgoing calls
  • Domestic/international calls
  • With/without an internet connection

Vulnerability Details and Fixes Available

The security researcher Anand Prakash of PingSafe AI was able to sniff out the flaw using a proxy to replace his phone number with the number of another user. This enabled him to listen to recordings at will.

“The vulnerability allowed any malicious actor to listen to any user’s call recording from the cloud storage bucket of the application and an unauthenticated API endpoint that leaked the cloud storage URL of the victim’s data.”, said the researcher from PingSafe.

An attacker can pass another user’s number in the recordings request and the API will respond with the recording URL of the storage bucket without any authentication. It also leaks the victim’s entire call history and the numbers on which calls were made.

The Bug is fixed and the new version is made live on App Store. The app was updated on March 6, 2021, with TechCrunch pointing out the release “patch a security report,” so it appears this takes care of the vulnerability.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Guru Baran

Guru Baranhttps://cybersecuritynews.com

Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments.