Headline
CVE-2023-23299: Core Topics
The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data such as user profile information and GPS coordinates, among others.
Overview
Compatible Devices
API Docs
Get the SDK
Submit an App
Stay Informed
Connect IQ Basics
Monkey C
Core Topics
- Manifest and Permissions
- Application and System Modules
- Persisting Data
- Backgrounding
- Glances
- Properties and App Settings
- Intents
- Build Configuration
- Security
- User Interface
- Layouts
- Graphics
- Input Handling
- Native Controls
- Resources
- Monkey Style
- Getting the Users Attention
- HTTPS
- Authenticated Web Services
- Communicating with Mobile Apps
- Downloading Content
- Mobile SDK for Android
- Mobile SDK for iOS
- Ant and Ant Plus
- Bluetooth Low Energy
- Sensors
- Positioning
- Activity Recording
- Quantifying the User
- Complications
- Shareable Libraries
- Debugging
- Unit Testing
- Exception Reporting Tool
- Profiling
- Publishing to the Store
- Beta Apps
- Trial Apps
User Experience Guidelines
Connect IQ FAQ
Reference Guides
App Review Guidelines
Personality Library
Developer Summit