GO SMS Pro, a popular messaging app for Android with over 100 million installs, has been found to have an unpatched security flaw that publicly exposes media transferred between users, including private voice messages, photos, and videos.
“This means any sensitive media shared between users of this messenger app is at risk of being compromised by an unauthenticated attacker or curious user,” Trustwave Senior Security Consultant Richard Tan said in a report shared with The Hacker News.
According to Trustwave SpiderLabs, the shortcoming was spotted in version 7.91 of the app, which was released on the Google Play Store on February 18, 2020.
The cybersecurity firm said it attempted to contact the app makers multiple times since August 18, 2020, without receiving a response.
But according to the app’s changelog, GO SMS Pro received an update (v7.92) on September 29, followed by another update, which was published yesterday. The latest updates to the app, however, still don’t address the weakness mentioned above.
The vulnerability stems from the manner in which media content is displayed when recipients don’t have the GO SMS Pro app installed on their devices, leading to potential…