Thursday, April 9, 17:01

Starbucks corrects serious security flaws

Starbucks has corrected serious flaws that could allow an attacker to steal user credit cards.

Mohamed M. Fouad, an Information Security Consultant from SecureMisr, discovered a serious security flaw in Starbucks, which could allow an attacker to steal user credit cards and allow remote code execution.


"I discovered many critical security gaps in Starbucks, which could lead to very harmful effects for all users, allowing malicious attackers to change user passwords, add alternate email addresses or change their store profiles and steal their saved credit cards. They can also execute phishing attacks on users and allow remote code execution on Starbucks servers," the Egyptian researcher said in a blog post.

According to the researcher, the Remote File Inclusion vulnerability occurs when a file from any location can be injected into the target page and included as source code for analysis and execution.

This allows:
- Running code on the web server.
- Running client-side code, such as JavaScript, which can lead to other attacks, such as cross-site scripting (XSS).
- Data theft or phishing manipulation in order to steal user accounts that contain credit cards and information for payment orders.
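The defensive side of the inclusion mechanism described above, as an added example that is not taken from the researcher's post or from Starbucks code. The article does not name the affected stack, so the use of Python, the template root, and the page names are assumptions; the point is that the request parameter selects from a fixed set of local templates and is never used as a location.

```python
from pathlib import Path
from urllib.parse import unquote, urlsplit

# Hypothetical template root and page names, constructed for this example.
TEMPLATE_ROOT = Path("/srv/app/templates")
ALLOWED_PAGES = {"home": "home.html", "menu": "menu.html", "card": "card.html"}


class RejectedInclude(ValueError):
    """Raised when a requested include is not a known local template."""


def looks_remote(value: str) -> bool:
    """True if the value, after URL-decoding, names a remote or scheme-qualified resource."""
    decoded = value
    for _ in range(3):  # undo nested percent-encoding such as %253A
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    decoded = decoded.strip().lower()
    try:
        scheme = urlsplit(decoded).scheme
    except ValueError:  # malformed URL syntax is treated as hostile
        return True
    return bool(scheme) or decoded.startswith(("//", "\\\\"))


def resolve_include(page_param: str) -> Path:
    """Map a request parameter to a template path through the allowlist only."""
    # The allowlist alone blocks these; the separate check gives a distinct
    # reason that can be logged and alerted on.
    if looks_remote(page_param):
        raise RejectedInclude("remote or scheme-qualified include rejected")
    filename = ALLOWED_PAGES.get(page_param)
    if filename is None:
        raise RejectedInclude("unknown page name")
    candidate = (TEMPLATE_ROOT / filename).resolve()
    # Defence in depth: the resolved path must stay under the template root.
    if TEMPLATE_ROOT.resolve() not in candidate.parents:
        raise RejectedInclude("path escapes template root")
    return candidate
```

Logging the `RejectedInclude` reason per request gives operations a direct signal for inclusion probing.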


The researcher began his research a year ago when there was a Zero-Day in the Starbucks iOS Mobile Application and a "Dangerous Data Storage" vulnerability was detected.

While he was looking for hacking news about Starbucks, he found another vulnerability two months ago that allowed attackers to steal Starbucks gift cards from users and to double the amounts on Starbucks gift cards.

Still, Starbucks says it has corrected the vulnerabilities.

