CVE-2020-15165

Potentially tampered sources on Play Store for Chameleon Mini Live Debugger

CVSS 9.3 CRITICAL | EPSS 1.3% | CWE-506
In short

A malicious actor may have tampered with the Chameleon Mini Live Debugger app (version 1.1.6-free) on Google Play Store, potentially injecting harmful code or requesting dangerous permissions. Users should immediately update to version 1.1.8 or later to ensure their device is not compromised.

Technical detail

CWE-506 (Embedded Malicious Code) covers this kind of supply chain compromise, in which an application's sources or permissions may have been altered by an unauthorized third party in the official distribution channel. The attack vector is installation of a tampered binary from the Play Store; the impact includes potential arbitrary code execution and unauthorized access to device resources, depending on what malicious modifications were introduced.

Summary generated and translated by AI from the official description.
Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had its sources or permissions tampered by a malicious actor. The official maintainer of the package is recommending all users upgrade to v1.1.8 as soon as possible. For more information, review the referenced GitHub Security Advisory.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
