VYPR
Unrated severity · NVD Advisory · Published Feb 22, 2021 · Updated Aug 3, 2024

CVE-2021-27189

Description

The CIRA Canadian Shield app before 4.0.13 for iOS lacks SSL Certificate Validation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The CIRA Canadian Shield iOS app before 4.0.13 does not validate SSL certificates, enabling man-in-the-middle attacks.

Vulnerability

The CIRA Canadian Shield iOS app versions prior to 4.0.13 lack SSL certificate validation, meaning the app does not verify the authenticity of the server's certificate during TLS/HTTPS connections. This allows any HTTPS session to be intercepted if an attacker can present a fraudulent certificate.

Exploitation

An attacker with network access (e.g., on the same Wi-Fi network) can perform a man-in-the-middle (MITM) attack by presenting a self-signed or otherwise invalid certificate. The app will accept this certificate without validation, allowing the attacker to decrypt and modify all traffic between the app and its backend servers.

Impact

Successful exploitation enables the attacker to read all data transmitted by the app, including potentially sensitive information such as login credentials, personal data, or browsing activity. The attacker can also inject malicious content into the traffic, potentially compromising the user's device or data privacy.

Mitigation

Users should update to version 4.0.13 or later, which is the first fixed release. The update was made available in early 2021. There is no known workaround besides upgrading the app. The vulnerability is not listed on CISA's KEV. [1]

References
  1. Packet Storm

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • CIRA Canadian Shield/CIRA Canadian Shield
  • Range: <4.0.13

Patches

0

No patches discovered yet.

References

3
