CVE-2024-43399: Critical Zip Slip Vulnerability Discovered in Mobile Security Framework (MobSF)
A severe security flaw, CVE-2024-43399, has been identified in the Mobile Security Framework (MobSF), affecting all versions up to 4.0.6. This vulnerability, with a CVSS score of 9.8, permits remote code execution on servers running MobSF due to the tool's faulty handling of `.a` extension files in its Static Analyzer. The root cause is an inadequate mitigation against Zip Slip attacks (archive entries whose names carry path traversal sequences such as `../`), which lets an attacker circumvent the file path sanitization applied during extraction. This could lead to overwriting critical system files or remote code execution. The issue has been rectified in version 4.0.7, and users are strongly advised to update immediately to prevent system compromise.
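The defensive pattern the advisory points at is validating every archive entry name before writing it to disk, rather than trusting the name the archive supplies. The following is an added example of such a check, written for this page and not taken from MobSF's code base: `is_safe_member` and `safe_extract` are hypothetical names, and the archive built by `build_demo_archive` is constructed here purely to exercise the check (one benign entry, one `../` entry and one absolute-path entry).

```python
import io
import os
import tempfile
import zipfile


def is_safe_member(name: str, dest_dir: str) -> bool:
    """Return True only if extracting `name` under `dest_dir` cannot escape it.

    Two layers: a syntactic check on the raw entry name (absolute paths,
    drive letters, any '..' component) and a check on the resolved on-disk
    path, so a symlinked destination or mixed separators cannot slip past.
    """
    # Reject absolute names and Windows drive letters up front.
    if name.startswith(("/", "\\")) or (len(name) > 1 and name[1] == ":"):
        return False
    # Treat backslashes as separators too: archives built on Windows use them.
    parts = name.replace("\\", "/").split("/")
    if ".." in parts:
        return False
    # Defense in depth: the fully resolved target must stay inside dest_dir.
    real_dest = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(real_dest, *parts))
    return target == real_dest or target.startswith(real_dest + os.sep)


def safe_extract(zip_bytes: bytes, dest_dir: str):
    """Extract an in-memory zip into dest_dir, skipping traversal entries.

    Returns (extracted, rejected): lists of entry names in archive order.
    """
    extracted, rejected = [], []
    real_dest = os.path.realpath(dest_dir)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not is_safe_member(info.filename, dest_dir):
                rejected.append(info.filename)
                continue
            parts = info.filename.replace("\\", "/").split("/")
            out_path = os.path.join(real_dest, *parts)
            if info.is_dir():
                os.makedirs(out_path, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(out_path), exist_ok=True)
                with zf.open(info) as src, open(out_path, "wb") as dst:
                    dst.write(src.read())
            extracted.append(info.filename)
    return extracted, rejected


def build_demo_archive() -> bytes:
    """Constructed sample archive (not a real artifact from the advisory)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("lib/hello.txt", "benign content\n")
        # ZipInfo does not normalise '..' or leading '/', so these names
        # are stored exactly as written, which is what a Zip Slip entry relies on.
        zf.writestr("../escape.txt", "would land outside the extraction dir\n")
        zf.writestr("/etc/absolute.txt", "absolute path entry\n")
    return buf.getvalue()


def demo():
    """Extract the constructed archive into a scratch dir and report the outcome."""
    with tempfile.TemporaryDirectory() as tmp:
        extracted, rejected = safe_extract(build_demo_archive(), tmp)
        on_disk = sorted(
            os.path.relpath(os.path.join(root, f), tmp).replace(os.sep, "/")
            for root, _, files in os.walk(tmp)
            for f in files
        )
    return extracted, rejected, on_disk


if __name__ == "__main__":
    print(demo())
```

The check is deliberately done on both the raw name and the resolved path: rejecting any `..` component catches the common case cheaply and portably, while the `realpath` comparison guards against destinations that are themselves symlinks and against separator tricks the first check might not anticipate.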