CVE-2020-12717 allows remote attackers to crash the COVIDSafe app for iOS, impacting COVID-19 contact tracing.
The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, interfering with COVID-19 contact tracing. This vulnerability also affects other apps, such as ABTraceTogether (Alberta), ProteGO (Poland), and TraceTogether (Singapore).
Understanding CVE-2020-12717
The vulnerability in the COVIDSafe app for iOS can be exploited by a remote attacker to disrupt the app's functionality.
What is CVE-2020-12717?
The COVIDSafe app for iOS crashes when it receives a Bluetooth advertisement with insufficient manufacturer data. The crash is triggered by an incorrect OpenTrace manuData.subdata call.
The Impact of CVE-2020-12717
Technical Details of CVE-2020-12717
This section covers the technical aspects of the vulnerability in the COVIDSafe app for iOS.
Vulnerability Description
The vulnerability allows a remote attacker to crash the app by sending a Bluetooth advertisement with insufficient manufacturer data.
Affected Systems and Versions
Exploitation Mechanism
The vulnerability is exploited by sending a Bluetooth advertisement with inadequate manufacturer data, triggering an erroneous OpenTrace manuData.subdata call.
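The following is an added example, not code from COVIDSafe or OpenTrace: a length-checked way to read the manufacturer data payload so that a short advertisement is ignored instead of crashing the app. The function name, error type, sample bytes and the 2-byte offset (the company identifier that prefixes Bluetooth manufacturer-specific data) are assumptions made for illustration.

```swift
import Foundation

// Assumption: the payload of interest follows the 2-byte company identifier
// that begins Bluetooth manufacturer-specific advertisement data.
let companyIdLength = 2

enum ManufacturerDataError: Error {
    case tooShort(length: Int)
}

// Crash-prone pattern (shown as a comment only): slicing with a fixed lower
// bound and no length check. In Swift, forming 2..<manuData.count when
// count < 2 is a runtime trap, which terminates the whole app.
//
//     let payload = manuData.subdata(in: 2..<manuData.count)

/// Hypothetical helper: returns the bytes after the company identifier, or
/// throws when the advertisement is too short to contain one.
func manufacturerPayload(from manuData: Data) throws -> Data {
    guard manuData.count >= companyIdLength else {
        throw ManufacturerDataError.tooShort(length: manuData.count)
    }
    // dropFirst works relative to the Data's own startIndex, so this stays
    // correct even when manuData is a slice with a non-zero start index.
    return Data(manuData.dropFirst(companyIdLength))
}

// Constructed sample inputs, standing in for the value a scanner would read
// from CBAdvertisementDataManufacturerDataKey.
let samples: [Data] = [
    Data([0xFF, 0x03, 0x41, 0x42]), // identifier plus two payload bytes
    Data([0xFF, 0x03]),             // identifier only, empty payload
    Data([0xFF]),                   // shorter than the identifier
    Data(),                         // empty manufacturer data
]

for sample in samples {
    do {
        let payload = try manufacturerPayload(from: sample)
        print("accepted: \(payload.count) payload byte(s)")
    } catch {
        // Untrusted input from any nearby device: drop it and keep scanning.
        print("ignored advertisement: \(error)")
    }
}
```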
Mitigation and Prevention
This section covers steps to mitigate and prevent the exploitation of CVE-2020-12717.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates