Security News > 2016 > July > BMW ConnectedDrive flaws could be misused to tamper with car settings (Help Net Security)

Security researcher Benjamin Kunz Mejri has found two vulnerabilities in the BMW ConnectedDrive web portal/web application. About the vulnerabilities in BMW ConnectedDrive The first one is a client-side cross site scripting web vulnerability that could be exploited by a remote attacker without a privileged account to inject his own malicious script codes to the client-side of the affected module context. Minimal user interaction is needed for this attack to work. “Successful exploitation of the vulnerability … More →

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/lwoZdjlOKJA/