Philips Discloses Vulnerability in DreamMapper Mobile App Software
The Department of Homeland Security Cybersecurity and Infrastructure Security Agency released an advisory on a medium-severity vulnerability found in Philips’ DreamMapper software. A successful exploit could allow an attacker to access log file information containing descriptive error messages.
The DreamMapper mobile app is a personalized therapy adherence tool used to manage sleep apnea.
Security researchers Lutz Weimann, Tim Hirschberg, Issam Hbib, and Florian Mommertz of SRC Security Research & Consulting GmbH first reported the vulnerability to CISA.
The vulnerability is found in versions 2.24 and earlier and could be exploited remotely with low-level skill. If exploited, an attacker could access...