惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

H
Heimdal Security Blog
A
Arctic Wolf
K
Kaspersky official blog
V
Vulnerabilities – Threatpost
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Simon Willison's Weblog
Simon Willison's Weblog
L
LINUX DO - 热门话题
MongoDB | Blog
MongoDB | Blog
T
Threat Research - Cisco Blogs
D
Docker
爱范儿
爱范儿
T
Tenable Blog
C
Check Point Blog
B
Blog
C
Cisco Blogs
Vercel News
Vercel News
The Cloudflare Blog
T
Threatpost
NISL@THU
NISL@THU
T
Tor Project blog
V2EX - 技术
V2EX - 技术
P
Palo Alto Networks Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
T
Tailwind CSS Blog
G
GRAHAM CLULEY
P
Privacy & Cybersecurity Law Blog
SecWiki News
SecWiki News
博客园 - 司徒正美
S
Security @ Cisco Blogs
GbyAI
GbyAI
S
Secure Thoughts
Microsoft Security Blog
Microsoft Security Blog
The Register - Security
The Register - Security
Recorded Future
Recorded Future
Cloudbric
Cloudbric
Webroot Blog
Webroot Blog
N
News and Events Feed by Topic
Y
Y Combinator Blog
博客园_首页
T
Troy Hunt's Blog
The Hacker News
The Hacker News
雷峰网
雷峰网
Google DeepMind News
Google DeepMind News
U
Unit 42
AWS News Blog
AWS News Blog
PCI Perspectives
PCI Perspectives
V
Visual Studio Blog
博客园 - 聂微东
有赞技术团队
有赞技术团队
酷 壳 – CoolShell
酷 壳 – CoolShell

Comments for Cyber Security News

10 Dangerous DNS Attacks Types & Prevention Measures - 2026 10 Dangerous DNS Attacks Types & Prevention Measures - 2026 10 Best Vulnerability Assessment and Penetration Testing (VAPT) Tools in 2026 10 Best Vulnerability Assessment and Penetration Testing (VAPT) Tools in 2026 Top 10 Best Google Alternatives In 2026 Top 10 Best Google Alternatives In 2026 What is SYN Attack? How Does the Attack Works ? What is SYN Attack? How Does the Attack Works ? What is the Difference Between Authentication vs Authorization? What is the Difference Between Authentication vs Authorization? Comment on SOC1 vs SOC2 – Cyber Threat Intelligence Guide by jo3 Data Encryption: Why Is It So Important? Data Encryption: Why Is It So Important? Unprotected US Critical Infrastructure Can be Hacked By Anyone - A Shocking Report Vulnerability in Million Times Downloaded iPhone app Let Attacker Listen to any User's Call Recording FBI Could use a Tool to Access Private Signal Messages on iPhones FBI Could use a Tool to Access Private Signal Messages on iPhones GDPR & HIPAA Compliance - Key Similarities and Differences in the Compliance Requirements Unprotected US Critical Infrastructure Can be Hacked By Anyone - A Shocking Report
Vulnerability in Million Times Downloaded iPhone app Let Attacker Listen to any User's Call Recording
Guru Baran · 2021-03-13 · via Comments for Cyber Security News

The “Automatic call recorder” application is one of the popular applications used by iPhone users to record their calls. The app is among top-grossing in the Business category of App Store currently #15 in the downloads in the Business Category worldwide.

PingSafe AI, a security company that monitors multiple breaches in real-time, has uncovered a critical vulnerability in the iPhone automatic call recorder application that exposed thousands of users’ recorded calls.

The Call Recorder app-enabled third-parties to access a user’s entire library of recordings, just by knowing their phone number. Apple doesn’t offer call recording as a stock feature on the iPhone, so those wishing to do so easily need an app to facilitate the function.

Features of the Automatic Call Recorder App

  • Organize recordings files into categories
  • Edit recording audio
  • Upload recordings to slack
  • Upload recordings to Google Drive, Dropbox, Onedrive
  • Speech-to-text recording audios in over 50 languages

In the Call Recorder application, users can record

  • Incoming/outgoing calls
  • Domestic/international calls
  • With/without an internet connection

Vulnerability Details and Fixes Available

The security researcher Anand Prakash of PingSafe AI was able to sniff out the flaw using a proxy to replace his phone number with the number of another user. This enabled him to listen to recordings at will.

“The vulnerability allowed any malicious actor to listen to any user’s call recording from the cloud storage bucket of the application and an unauthenticated API endpoint that leaked the cloud storage URL of the victim’s data.”, said the researcher from PingSafe.

An attacker can pass another user’s number in the recordings request and the API will respond with the recording URL of the storage bucket without any authentication. It also leaks the victim’s entire call history and the numbers on which calls were made.

The Bug is fixed and the new version is made live on App Store. The app was updated on March 6, 2021, with TechCrunch pointing out the release “patch a security report,” so it appears this takes care of the vulnerability.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Guru Baran

Guru Baranhttps://cybersecuritynews.com

Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments.