Vulnerability-lab researchers discovered HTML Inject & File Include Vulnerability in the TreasonSMS app that allows hackers to run the malicious code inside the iPhone.
About TreasonSMS app:
TreasonSMS allows you to send SMS from your desktop computer. It turns your iPhone into a SMS webserver, so you can send sms and reply to SMS from your computer over wifi.
According to the security advisory provided by researchers, the vulnerability allows an remote attacker to include malicious persistent script codes on application-side of the iphone.
This possible way allows the attacker also to inject for example webshell scripts to get control of the affected application folder. When the IPhone is jailbreaked the vulnerability exploitation can also result full controll of the affected IPhone.
"The Bug is located in the input fields of the Message Sending & Message Output. An attacker can scan the victim on walkthrough because the ip of the webserver makes the treasonSMS available to anybody without password.To exploit somebody on a walkthourgh its only required to scan for the stable ip via wlan and access the panel for exploitation." Researcher said.
The vulnerability-Lab estimated the vulnerability as High Severity.
