Discovered vulnerabilities can be exploited by malicious people to gain total control of the pentester's system.
The company High-Tech Bridge Security published a notice describing multiple vulnerabilities in Smartphone Pentest Framework (SPF) - a product designed to find vulnerabilities in smartphones.
Smartphone Pentest Framework was presented at this year's conference Blackhat, Defcon, Bsides and received a grant from DARPA Cyber Fast Track to the development of a promising project.
Can be exploited by malicious people to conduct CSRF attack to gain access to sensitive information, execute arbitrary SQL commands to the database application and execute arbitrary commands on the system. The presence of unsafe file permissions allow local users to gain escalated privileges.
