Twitter Kit
Monthly
The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
This vulnerability was caused by an incomplete fix to CVE-2017-0911. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
This vulnerability was caused by an incomplete fix to CVE-2017-0911. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.