# Exploit Title: Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities
# Date: 14/Jul/17
# Exploit Author: MaXe
# Vendor Homepage: http://www.orionbrowser.com && https://www.linkedin.com/company-beta/18034392/ && https://itunes.apple.com/us/app/orion-elite-hidden-ip-browser-pro/id1021253135
# Software Link: Refer to IPA archive websites at your own risk
# Screenshot: Not available - See external links for more information
# Versions: 7.9 to 1.0
# Tested on: iPhone 4 (7.1.2) and iPhone 4S (9.3.5)
# CVE : N/A

Orion Elite Hidden IP Browser Pro++ - Multiple Known Vulnerabilities
(Formerly known as: Torion Secure Anonymous Browser Pro++)

Versions affected: 7.9 (02 May 2016) and all former versions dating back to 1.0 (10 August 2015)

iPhone App Info - Description by Developer:
"#1 Onion Routing Browser that protects and hides your IP (Internet Protocol) address from the internet for legal legitimate purposes. It is the most robust, tested and popular App on the App Store. Is your privacy worth cutting corners? Can you be half protected? Is it worth the risk? The world famous eVestigator.com.au, the Cyber Digital-Forensics Private Investigator, the author and enhancer of this original open browser says "not even he could hack it" and "I have put people behind bars just from tracing an IP before". That's straight from the Author. If you're thinking about investigating in an inferior product, think again!"

External Links:
https://itunes.apple.com/us/app/orion-elite-hidden-ip-browser-pro/id1021253135 [http://archive.is/R5jst]
http://www.orionbrowser.com (Current package name) [http://web.archive.org/web/20160624150229/http://orionbrowser.com/ || http://archive.is/i6z60]
http://www.torionbrowser.com (Original package name) [http://web.archive.org/web/20160314004721/https://www.torionbrowser.com/ || http://archive.is/FiHSP]
https://www.linkedin.com/company-beta/18034392/ (Company that published the app and is responsible for maintaining it.)
https://www.youtube.com/watch?v=MYd4_pitOjA (Video demonstration - removed by vendor 14Jul17) [http://archive.is/nHWuF - Does not contain original video]

Credits: MaXe (@InterN0T)
Special Thanks: The original developer (see references) for providing accurate changelogs and making known bugs public, so that users are aware of these security risks.

-:: The Advisory - Detailed::-
The iPhone application reviewed is vulnerable to multiple known issues.

1. The Tor client embedded within the application is: 0.2.6.5-rc (released 18 Mar 2015)
Relevant changelogs:
- https://gitweb.torproject.org/tor.git/plain/ReleaseNotes?h=release-0.2.6 (https://blog.torproject.org/blog/tor-0265-rc-released)
- Potentially Applicable CVEs: CVE-2017-0376, CVE-2017-0375, CVE-2016-8860

2. The OpenSSL library embedded within the application is: 1.0.2a (released 19 Mar 2015)
Relevant changelogs:
- https://openssl.org/news/changelog.html
- https://www.openssl.org/news/secadv/20160503.txt << Important security advisory
- https://www.openssl.org/news/secadv/20160922.txt << Important security advisory
- Applicable CVEs:
  CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, CVE-2016-7052, CVE-2016-6304, CVE-2016-2183, CVE-2016-6303
  CVE-2016-6302, CVE-2016-2182, CVE-2016-2180, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2181
  CVE-2016-6306, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176, CVE-2016-0800
  CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0701, CVE-2015-3197
  CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-1793, CVE-2015-3196

3. Known bugs from the original application, by the original developer:
- Video note: Websites using HTML5