从这个网页截图中可以获取到以下关于漏洞的关键信息: 报告标题:Security Vulnerability Assessment Report Splashin iOS Application 作者:Carter LaSalle 日期:July 14, 2025 摘要:报告详细描述了对Splashin iOS应用程序的全面安全评估,该平台用于“Senior Assassin”游戏,跟踪玩家位置。重点在于高级订阅模式和位置数据保护机制的完整性。发现了多个关键漏洞,允许免费用户访问高级功能,包括实时位置更新和位置更新请求。 目录: - Introduction - Methodology - Tools and Environment - Approach - Vulnerabilities Discovered - CVE-2025-45156: Update Interval Bypass - CVE-2025-45157: Premium Feature Access Control Failure - CVE-2025-45156: Unlimited Location Data Access - Technical Details - Authentication Mechanism - Subscription Validation Flaw - API Request Analysis - Proof of Concept - Basic Update Interval Bypass Test - Premium Feature Force Update Exploit - Complete Subscription Bypass - Proof of Concept Results - Impact Analysis - Business Impact - User Privacy Impact - Technical Impact