Description
AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validations.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://fluidattacks.com/advisories/walker/
Product x_refsource_misc
https://www.spsoftmobile.com/
Scores
CVSS v3
6.6
EPSS
0.0042
EPSS Percentile
33.8%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-284
Status
published
Products (1)
spsoftmobile/applock
7.9.29
Published
Sep 30, 2022
Tracked Since
Feb 18, 2026