-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512APPLE-SA-2017-09-19-1 iOS 11iOS 11 is now available and addresses the following:Exchange ActiveSyncAvailable for: iPhone 5s and later, iPad Air and later,and iPod touch 6th generationImpact: An attacker in a privileged network position may be able toerase a device during Exchange account setupDescription: A vali

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512APPLE-SA-2017-09-20-1 Additional information for APPLE-SA-2017-09-19-1 iOS 11iOS 11 addresses the following:Exchange ActiveSyncAvailable for: iPhone 5s and later, iPad Air and later,and iPod touch 6th generationImpact: An attacker in a privileged network position may be able toerase a device during Exchange acco

by Hara Hiroaki, Higashi Yuka, Ju Zhu, and Moony Li While iOS devices generally see relatively fewer threats because of the platform’s walled garden approach in terms of how apps are installed, it’s not entirely unbreachable. We saw a number of threats that successfully scaled the walls in 2016, from those that abused enterprise certificates to ones th

SEC Consult Vulnerability Lab Security Advisory < 20170913-1 >======================================================================= title: Local File Disclosure product: VLC media player iOS app vulnerable version: 2.7.8 fixed version: 2.8.1 CVE number: - impact: Medium homepage: https://itun

Zimperium Researcher Adam Donenfeld released an iOS Kernel Exploit PoC that can be used to gain full control of iOS mobile devices. Researcher Adam Donenfeld of mobile security firm Zimperium published a Proof-of-concept (PoC) for recently patched iOS vulnerabilities that can be chained to gain full control of iOS mobile devices. The expert called the PoC ex

Vulnerabilities in Cisco IOS expose Rockwell Allen-Bradley Stratix and ArmorStratix industrial Ethernet switches to remote attacks. Some models of the Allen-Bradley Stratix and ArmorStratix industrial Ethernet switches are exposed to remote attacks due to security flaws in Cisco’s IOS software. According to the security alert issued by ICS-CERT, an authentic

Researcher demonstrates 'severe' ZIVA exploit at Hack in the Box.Multiple vulnerabilities in the AppleAVEDriver when linked together create an opportunity to launch an iOS exploit that can take full control of the iOS kernel, security researcher Adam Donenfeld of Zimperium's zLabs revealed today.Donenfeld, who today demonstrated the exploit at the&

Follow @doadam Following my previous post, I’m releasing ziVA: a fully chained iOS kernel exploit that (should) work on all the iOS devices running iOS 10.3.1 or earlier. The exploit itself consists of multiple vulnerabilities that were discovered all in the same module: AppleAVEDriver. The exploit will be covered in depth in my HITBGSEC talk held on August

While some are in back-to-school mode and others are getting ready for football, we’re gearing up for the latest mobile operating systems to hit the market. With the Apple iOS 11 release right around the corner, the time is now for IT and security leaders to zero in on their Apple iOS management strategy to prepare for the myriad changes set to affec

Document Title:===============Apple iOS 10.3 - UI SMS Access Permission VulnerabilityReferences (Source):====================https://www.vulnerability-lab.com/get_content.php?id=2078Apple Security ID: 666589482Video: https://www.vulnerability-lab.com/get_content.php?id=2079Vulnerability Magazine: https://www.vulnerability-db.com/?q=articles/2017/08/14/apple-

To fight phishing attacks, Google has introduced a security measure for its Gmail app for iOS that will help users identify and delete phishing emails. Phishing continues to be one of the most dangerous threats, crooks continue to devise new techniques to trick victims into providing sensitive information. The technique is still the privileged attack vector

Introduction In 1975, a book was published that changed the way we approach complex problems. Inspired on how nature works “Adaptation in Natural and Artificial Systems” set the bases of genetic algorithms. The release date of this blogpost is strongly linked to that book, it is a symbolic tribute to its author, John Henry Holland, who passed out

We see a lot of confusion in the market about precisely what it means to jailbreak a device–and that confusion could lead to serious problems, especially with regard to the notion of a hacker performing a jailbreak to attack a device. The security industry is notoriously full of acronyms, buzzwords and generally opaque jargon. Here at Zimperium, we try

In compliance with Chinese Internet monitoring law, Apple has started removing all IOS VPN apps from it App Store in China. The company complies with a request from the Chinese Government that wants to strict censorship making it harder for netizens to bypass the Great Firewall system (aka Golden Shield project). The Golden Shield project allows China to c

Security researcher found a common flaw in Android and iOS smartphone chipsets that could allow a remote exploit to be unleashed on millions of devices.BLACK HAT – Las Vegas - Android and iOS smartphones loaded with a Broadcom Wi-Fi chipset offer attackers a common means to launch a remote exploit that could affect millions of users, according to a pre