CVE-2024-56947

6.5 MEDIUM

📋 TL;DR

This vulnerability in the BeautyCam iOS app allows attackers to access sensitive user information by tricking users into clicking a crafted malicious link. It affects version 12.3.60 of the BeautyCam iOS application. The vulnerability is a URL redirection issue that can lead to information disclosure.

💻 Affected Systems

Products:
  • Xiamen Meitu Technology Co., Ltd. BeautyCam iOS
Versions: v12.3.60
Operating Systems: iOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific iOS version of BeautyCam app. Requires user interaction with a crafted link.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal sensitive user data including personal information, authentication tokens, or device identifiers through successful exploitation.

🟠 Likely Case

Attackers using phishing techniques could redirect users to malicious sites that harvest user data or session information.

🟢 If Mitigated

With proper URL validation and user awareness training, the risk is reduced to minimal information leakage.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (clicking a link). The GitHub reference contains technical details about the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Check for app updates in the Apple App Store
2. Update to the latest version if available
3. If no update is available, consider temporarily uninstalling the app

🔧 Temporary Workarounds

Disable app or restrict permissions (applies to: all)

Temporarily disable or uninstall the BeautyCam app until a fix is available

User awareness training (applies to: all)

Educate users not to click on suspicious links, especially those received via messaging or email

🧯 If You Can't Patch

  • Implement network filtering to block malicious domains that might be used in crafted links
  • Use mobile device management (MDM) to restrict app installation or enforce security policies

🔍 How to Verify

Check if Vulnerable:

Check the app version in iOS Settings > General > iPhone Storage > BeautyCam

Check Version:

Not applicable - check via iOS Settings as described above

Verify Fix Applied:

Verify the app has been updated to a version newer than 12.3.60

📡 Detection & Monitoring

Log Indicators:

  • Unusual URL redirects within the app
  • Suspicious link clicks from the app

Network Indicators:

  • Unexpected outbound connections from the app to unknown domains
  • HTTP redirect patterns matching exploit techniques

SIEM Query:

Not applicable for mobile app vulnerabilities
