An iPhone app called Call Recorder lets users record their phone call conversations. But a recently discovered bug leaked those calls.
But using a readily available proxy tool like Burp Suite, Prakash could view and modify the network traffic going in and out of the app. That meant he could replace his phone number registered with the app with the phone number of another app user, and access their recordings on his phone.
A new version of the app was submitted to Apple’s app store on Saturday. The release notes said the app update was to “patch a security report.”