Easy Transfer Directory Traversal Vulnerability in iOS Application

Vulnerability

A directory traversal vulnerability has been identified in version 1.7 of the Easy Transfer iOS mobile application. It allows remote attackers to access unauthorized file system paths without authentication. By manipulating path parameters in GET and POST requests, attackers can list or download sensitive system files and inject malicious scripts into application parameters. The flaw lies in how the application handles the path requested via the GET method: altering the request's path gives access to local files.

Impact

Exploitation of this vulnerability leads to unauthorized file access, information leakage, and potential compromise of the mobile application.

Reproduction

The vulnerability can be reproduced by sending a GET request to the application's path request endpoint. The request must include a manipulated path parameter that exploits the directory traversal flaw, such as by using multiple '../' sequences to navigate out of the intended directory and access sensitive files. This can be done using a web browser or a tool that allows for custom HTTP requests. Additionally, the injected scripts can be executed by accessing the corresponding application features that process the injected data.
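One way a file-serving handler can close this class of flaw, as an added example that is not taken from the Easy Transfer application or this advisory: decode the requested path, resolve it, and serve it only if the result is still inside the shared folder. The function name, the temporary folder and the sample request paths are assumptions constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


def resolve_within_root(root, requested):
    """Return the absolute path for `requested` if it stays inside `root`, else None."""
    # Decode percent-encoding first so "%2e%2e%2f" is checked as "../".
    decoded = unquote(requested)
    # Reject NUL bytes and input that still decodes further (double encoding).
    # This also refuses a few unusual but harmless names; that is the safe side.
    if "\x00" in decoded or unquote(decoded) != decoded:
        return None
    # Treat backslashes as separators and drop leading slashes so that
    # os.path.join() cannot be redirected to an absolute path.
    relative = decoded.replace("\\", "/").lstrip("/")
    root_real = os.path.realpath(root)
    # realpath collapses ".." segments and follows symlinks before the check.
    candidate = os.path.realpath(os.path.join(root_real, relative))
    # Containment check on the resolved path, not on the raw request string.
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


def demo():
    """Check constructed request paths against a temporary shared folder."""
    root = tempfile.mkdtemp()  # stands in for the app's shared folder (assumption)
    with open(os.path.join(root, "photo.jpg"), "w") as fh:
        fh.write("constructed sample file")
    samples = [
        "/photo.jpg",                  # normal request
        "/sub/../photo.jpg",           # ".." that stays inside the root
        "/../../../etc/passwd",        # plain traversal
        "/%2e%2e/%2e%2e/etc/passwd",   # percent-encoded traversal
        "/%252e%252e/secret",          # double-encoded traversal
        "/..\\..\\etc\\passwd",        # backslash separators
    ]
    # Map each sample to True (served) or False (refused).
    return {s: resolve_within_root(root, s) is not None for s in samples}


if __name__ == "__main__":
    for path, allowed in demo().items():
        print("ALLOW" if allowed else "DENY ", path)
```

The check runs on the resolved path, so a request is judged by where it actually lands rather than by whether its text contains "../".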

Added: Feb 3, 2026, 10:43 PM
Updated: Feb 3, 2026, 10:43 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.8
remediation: 0.0
relevance: 2.5
threat: 6.5
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.