CVE-2014-5535

Vulnerability

The Baby Get Up - Kids Care application (package air.brown.jordansa.getup) version 1.0.3 for Android fails to properly validate X.509 certificates presented by HTTPS servers. This means the app does not verify that the certificate chain is signed by a trusted root certificate authority, as required for secure SSL/TLS connections [1].

Exploitation

An attacker positioned on the same network as the victim (e.g., via a rogue Wi‑Fi hotspot or ARP spoofing) can perform a man‑in‑the‑middle attack. By presenting a crafted certificate that the app does not reject, the attacker can intercept all HTTPS traffic between the app and its backend servers [1].

Impact

Successful exploitation allows the attacker to view or modify network traffic that should have been protected by HTTPS. This can lead to disclosure of sensitive information such as user credentials or personal data, and potentially arbitrary code execution depending on the app's functionality [1].

Mitigation

The vendor has not released a patched version as of the publication date. Users are advised to avoid using this application and instead access the service via a web browser, which typically implements proper certificate validation [1]. The application may be considered obsolete; no fix is known.