Unrated severity · NVD Advisory · Published Nov 10, 2015 · Updated May 6, 2026

CVE-2015-5655

Description

The Adways Party Track SDK before 1.6.6 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Adways Party Track SDK for iOS versions before 1.6.6 fails to validate X.509 certificates, enabling man-in-the-middle attacks to intercept encrypted communications.

Vulnerability

Adways Party Track SDK for iOS prior to version 1.6.6 does not verify X.509 certificates from SSL servers during HTTPS communications. As reported by the developer, this flaw affects both communications made by the SDK itself and those made by applications using NSURLConnection [1][2]. Applications built with the vulnerable SDK are affected.

Exploitation

An attacker capable of performing a man-in-the-middle attack on the network (e.g., on a shared Wi-Fi network or through a compromised router) can present a crafted certificate to the application. The SDK, lacking proper certificate validation, accepts the spoofed certificate, allowing the attacker to intercept the encrypted SSL/TLS session [2]. No authentication or user interaction is required beyond being on the same network path.

Impact

Successful exploitation allows the attacker to eavesdrop on or alter encrypted communications between the application and legitimate servers [1][2]. This compromises the confidentiality and integrity of data transmitted by the SDK or the host application, such as user tracking information or other sensitive data.

Mitigation

Adways released SDK version 1.6.6 to fix the certificate validation issue. Developers must update to this version and rebuild their applications. The vendor's site (https://partytrack.it) provides the updated SDK and release notes [1][3]. No workarounds are available for prior versions.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • cpe:2.3:a:adways:party_track_sdk:*:*:*:*:*:iphone_os:*:* (range: <=1.6.5)
  • (no CPE) (range: <1.6.6)

Patches

0

No patches discovered yet.

References

3
