Ossur Mobile Logic Application Exposure of Sensitive Information and Command Injection Vulnerabilities
Vulnerability
The Ossur Mobile Logic Application, in versions prior to 1.5.5, exposes hard-coded credentials and static tokens. These were extracted from a decompiled IPA file and could be used to disrupt the application's normal functioning by altering translation files, thereby compromising the application's integrity. Additionally, the application's private directory contains multiple bash files, which an attacker with full access to the mobile platform could exploit to further manipulate the application's translation files.
Impact
Exploitation of these vulnerabilities could lead to unauthorized access to sensitive information and manipulation of the application's functionality, particularly its translation files, which are crucial for maintaining the application's integrity.
Remediation
Users are advised to update to version 1.5.5 or later of the Ossur Mobile Logic Application. The latest version can be downloaded from the app store on mobile devices.
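For developers auditing their own builds, both findings described above (credential-like literals and shell scripts shipped inside the app bundle) can be caught by a release check on the IPA, which is a ZIP archive. The following Python check is an added example, not code from Ossur or from the original advisory; the regex heuristics, function names and the sample bundle contents are constructed assumptions.

```python
import io
import re
import zipfile

# Heuristic for credential-like key/value literals (assumed; tune per code base).
SECRET_RE = re.compile(
    rb'(?i)(password|passwd|secret|api[_-]?key|token)"?\s*[:=]\s*"?([A-Za-z0-9+/_\-]{8,})'
)
# Files whose first line is a sh/bash/zsh shebang, with or without /usr/bin/env.
SHEBANG_RE = re.compile(rb"^#!\s*/(usr/)?bin/(env\s+)?(ba|z)?sh\b")


def audit_ipa(ipa_bytes):
    """Return sorted (kind, path) findings for an IPA supplied as bytes."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for info in ipa.infolist():
            if info.is_dir():
                continue
            data = ipa.read(info)
            # Finding 1: shell scripts shipped inside the bundle.
            if info.filename.endswith(".sh") or SHEBANG_RE.match(data):
                findings.add(("shell-script", info.filename))
            # Finding 2: credential-like literals in any bundled file.
            if SECRET_RE.search(data):
                findings.add(("hardcoded-secret", info.filename))
    return sorted(findings)


def build_sample_ipa():
    """Constructed sample bundle; every name and value here is made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Info.plist", "<plist><dict/></plist>")
        z.writestr("Payload/Demo.app/config.json",
                   '{"api_key": "EXAMPLEONLY1234567890", "lang": "en"}')
        z.writestr("Payload/Demo.app/tools/update_translations",
                   "#!/bin/bash\necho syncing\n")
        # A UI string that mentions "token" but assigns no secret value.
        z.writestr("Payload/Demo.app/en.lproj/Localizable.strings",
                   '"token_expired" = "Your session expired";')
    return buf.getvalue()


if __name__ == "__main__":
    for kind, path in audit_ipa(build_sample_ipa()):
        print(f"{kind:17} {path}")
```

Any hit should fail the build: secrets belong on the server side or in the platform keychain, and an app bundle has no need to ship shell scripts.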
