Ruzzle is a simple video game developed by the Swedish gaming company MAG Interactive, available for iOS and Android devices. Security analyst discovered that is it possible to tamper them due the absence of control on server side on data sent by the application. The leak of data validation is widely exploited in web application context typically to increase attacker’s privileges or worst to impersonate the victim within an authenticated session. Attackers can access to the whole list of games including current games and it could also challenge other victim’s friends but most concerning thing is that the attacker could access to victim’s private messages.
Source: https://thehackernews.com/2013/04/italian-team-discoveries-flaw-in-ruzzle.html