The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call. The ABTraceTogether (Alberta), ProteGO (Poland), and TraceTogether (Singapore) apps were also affected.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Abtracetogether | Alberta | - (including) | - (including) |
Protego_safe | Gov | - (including) | - (including) |
Covidsafe | Health | 1.0 (including) | 1.0 (including) |
Covidsafe | Health | 1.1 (including) | 1.1 (including) |
Tracetogether | Tracetogether | - (including) | - (including) |