{
	"id": "64a20787-d02b-4d72-bb9d-163f9dd746d0",
	"created_at": "2026-04-06T02:10:53.386592Z",
	"updated_at": "2026-04-10T03:21:42.774782Z",
	"deleted_at": null,
	"sha1_hash": "3d7221acf7a707f5fec255c5beb461b8ff1279de",
	"title": "APP-6 · Mobile Threat Catalogue",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 44201,
	"plain_text": "APP-6 · Mobile Threat Catalogue\r\nArchived: 2026-04-06 01:51:47 UTC\r\nMobile Threat Catalogue\r\nVulnerable Third-Party Library\r\nContribute\r\nThreat Category: Vulnerable Applications\r\nID: APP-6\r\nThreat Description: A mobile app may not directly contain vulnerabilities in its code, but may make calls to a\r\nthird-party library that does contain vulnerabilities that are exploitable by a remote attacker.\r\nThreat Origin\r\nA Pattern for Remote Code Execution using Arbitrary File Writes and MultiDex Applications 1\r\nUnsafe Exposure Analysis of Mobile In-App Advertisements 2\r\nExploit Examples\r\nNot Applicable\r\nCVE Examples\r\nNot Applicable\r\nPossible Countermeasures\r\nEnterprise\r\nDeploy MAM or MDM solutions with policies that prohibit the side-loading of apps, which may bypass security\r\nchecks on the app.\r\nDeploy MAM or MDM solutions with policies that prohibit the installation of apps from 3rd party (unofficial) app\r\nstores.\r\nUse app-vetting tools or services to identify apps that use vulnerable libraries.\r\nReferences\r\n1. R. Welton, “A Pattern for Remote Code Execution using Arbitrary File Writes and MultiDex Applications”,\r\nblog, 15 June 2015; www.nowsecure.com/blog/2015/06/15/a-pattern-for-remote-code-execution-using-https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-6.html\r\nPage 1 of 2\n\narbitrary-file-writes-and-multidex-applications/ [accessed 8/25/2016] ↩\r\n2. M. Grace et al., “Unsafe Exposure Analysis of Mobile In-App Advertisements”, in Proceedings of the Fifth\r\nACM Conference on Security and Privacy in Wireless and Mobile Networks,2012, pp. 101-112;\r\nhttp://dl.acm.org/citation.cfm?id=2185464 [accessed 8/25/2016] ↩\r\nSource: https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-6.html\r\nhttps://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-6.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-6.html"
	],
	"report_names": [
		"APP-6.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775441453,
	"ts_updated_at": 1775791302,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3d7221acf7a707f5fec255c5beb461b8ff1279de.pdf",
		"text": "https://archive.orkl.eu/3d7221acf7a707f5fec255c5beb461b8ff1279de.txt",
		"img": "https://archive.orkl.eu/3d7221acf7a707f5fec255c5beb461b8ff1279de.jpg"
	}
}