CVE-2024-56951

6.5 MEDIUM

📋 TL;DR

This vulnerability in the UU Game Booster iOS app allows attackers to access sensitive user information by tricking users into clicking a specially crafted link. It affects iOS users running UU Game Booster version 10.6.13. The issue is a URL redirection vulnerability that can lead to information disclosure.

💻 Affected Systems

Products:
  • Hangzhou Bobo Technology Co Ltd UU Game Booster
Versions: iOS version 10.6.13
Operating Systems: iOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the iOS version of UU Game Booster. Requires user interaction (clicking a crafted link).

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal sensitive user data including authentication tokens, personal information, and potentially gain unauthorized access to linked accounts or services.

🟠 Likely Case

Attackers could harvest user information through phishing campaigns using crafted links, leading to privacy violations and potential credential theft.

🟢 If Mitigated

With proper URL validation and user education about suspicious links, the impact would be limited to unsuccessful phishing attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The GitHub reference contains technical details about the vulnerability. Exploitation requires social engineering to get users to click malicious links.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

1. Check for app updates in the iOS App Store
2. If an update is available, install it
3. If no update is available, consider uninstalling the app until a fix is released

🔧 Temporary Workarounds

Disable app or restrict permissions (iOS)

Uninstall UU Game Booster or restrict its permissions in iOS settings

User education (all platforms)

Train users not to click suspicious links, especially those sent via messaging apps or email

🧯 If You Can't Patch

  • Uninstall UU Game Booster from all iOS devices
  • Implement network filtering to block malicious domains and monitor for suspicious URL patterns

🔍 How to Verify

Check if Vulnerable:

Check if UU Game Booster version 10.6.13 is installed on iOS devices via Settings > General > iPhone Storage

Check Version:

Not applicable for iOS apps - check via device settings

Verify Fix Applied:

Verify the app version has been updated to a version higher than 10.6.13

📡 Detection & Monitoring

Log Indicators:

  • Unusual URL patterns in app logs
  • Unexpected data access events

Network Indicators:

  • Suspicious outbound connections from the app to unknown domains
  • URL redirection patterns

SIEM Query:

Not applicable for mobile app vulnerabilities without enterprise monitoring

🔗 References
