The Metaclassy Byword app 2.x prior to 2.1 for iOS does not require confirmation of Replace file actions, which allows remote malicious users to overwrite arbitrary files via the name and text parameters in a byword://replace URL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
metaclassy byword 2.0.1 |
||
metaclassy byword 2.0.2 |
||
metaclassy byword 2.0.3 |
||
metaclassy byword 2.0.0 |