VYPR
Unrated severityNVD Advisory· Published Jul 26, 2022· Updated Aug 3, 2024

CVE-2021-33057

CVE-2021-33057

Description

The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements (e.g., android.permission.ACCESS_FINE_LOCATION) for determining the device's physical location. An attacker can use qq.createMapContext to create a MapContext object, use MapContext.moveToLocation to move the center of the map to the device's location, and use MapContext.getCenterLocation to get the latitude and longitude of the current map center.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • QQ/QQ applicationdescription
  • Tencent/QQllm-fuzzy
    Range: = 8.7.1

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.