An iOS call recording app patched a security vulnerability that gave anyone access to the conversations of thousands of users by simply providing the correct phone numbers. Security researcher Anand Prakash, founder of PingSafe AI, found the app s cloud storage on Amazon along with host names and some sensitive data that it used. An attacker could insert the phone number of any app user in the recordings request. Because the responding API did not run any authentication, it returned recordings associated with the number passed in the request.
Source: https://www.bleepingcomputer.com/news/security/iphone-call-recorder-bug-gave-acess-to-other-peoples-conversations/