by Lilang Wu, Ju Zhu, and Moony Li
We covered iXintpwn/YJSNPI in a previous blog post and looked into how it renders an iOS device unresponsive by overflowing it with icons. This threat comes in the form of an unsigned profile that crashes the standard application that manages the iOS home screen when installed. The malicious profile also exploits certain fe
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-10-31-1 iOS 11.1
iOS 11.1 is now available and addresses the following:
CoreText
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: Processing a maliciously crafted text file may lead to an unexpected application termination
Description: A denial of service issue
Published: 2017-11-01 20:05 | Tags: IOS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-10-31-9
Additional information for APPLE-SA-2017-09-19-1 iOS 11
iOS 11 addresses the following:
802.1X
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An attacker may be able to exploit weaknesses in TLS 1.0
Description: A protocol security issue was addressed
Published: 2017-11-01 20:05 | Tags: IOS
It seems just about everyone has written about the dangers of online dating, from psychology magazines to crime chronicles. But there is one less obvious threat not related to hooking up with strangers – and that is the mobile apps used to facilitate the process. We’re talking here about intercepting and stealing personal information and the de-anonymi
Developer discovered that iOS apps can read metadata revealing users’ locations and much more, a serious threat to our privacy.
The developer Felix Krause, founder of Fastlane.Tools, has discovered that iOS apps can access image metadata revealing users’ location history.
Krause published a detailed analysis on the Open Radar community, he explai
Cisco has released security updates for its IOS Operating System to fix more than a dozen critical and high severity vulnerabilities.
Cisco has released updates for its IOS software to fix more than a dozen critical and high severity vulnerabilities that could be exploited by attackers to remotely take over company’s switches and routers.
Giving a close loo
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-09-25-4
Additional information for APPLE-SA-2017-09-19-1 iOS 11
iOS 11 addresses the following:
Bluetooth
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to access restricted files
Description: A privacy issue existed in the handling
Published: 2017-09-26 11:15 | Tags: IOS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-09-19-1 iOS 11
iOS 11 is now available and addresses the following:
Exchange ActiveSync
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An attacker in a privileged network position may be able to erase a device during Exchange account setup
Description: A vali
Published: 2017-09-21 20:36 | Tags: IOS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-09-20-1
Additional information for APPLE-SA-2017-09-19-1 iOS 11
iOS 11 addresses the following:
Exchange ActiveSync
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An attacker in a privileged network position may be able to erase a device during Exchange acco
Published: 2017-09-21 20:36 | Tags: IOS
by Hara Hiroaki, Higashi Yuka, Ju Zhu, and Moony Li
While iOS devices generally see relatively fewer threats because of the platform’s walled garden approach in terms of how apps are installed, it’s not entirely unbreachable. We saw a number of threats that successfully scaled the walls in 2016, from those that abused enterprise certificates to ones th
SEC Consult Vulnerability Lab Security Advisory < 20170913-1 >
=======================================================================
title: Local File Disclosure
product: VLC media player iOS app
vulnerable version: 2.7.8
fixed version: 2.8.1
CVE number: -
impact: Medium
homepage: https://itun
Published: 2017-09-13 09:40 | Tags: IOS
Zimperium Researcher Adam Donenfeld released an iOS Kernel Exploit PoC that can be used to gain full control of iOS mobile devices.
Researcher Adam Donenfeld of mobile security firm Zimperium published a Proof-of-concept (PoC) for recently patched iOS vulnerabilities that can be chained to gain full control of iOS mobile devices.
The expert called the PoC ex
Vulnerabilities in Cisco IOS expose Rockwell Allen-Bradley Stratix and ArmorStratix industrial Ethernet switches to remote attacks.
Some models of the Allen-Bradley Stratix and ArmorStratix industrial Ethernet switches are exposed to remote attacks due to security flaws in Cisco’s IOS software.
According to the security alert issued by ICS-CERT, an authentic
Researcher demonstrates 'severe' ZIVA exploit at Hack in the Box. Multiple vulnerabilities in the AppleAVEDriver when linked together create an opportunity to launch an iOS exploit that can take full control of the iOS kernel, security researcher Adam Donenfeld of Zimperium's zLabs revealed today. Donenfeld, who today demonstrated the exploit at the
Published: 2017-08-25 05:30 | Tags: IOS exploit
Following my previous post, I’m releasing ziVA: a fully chained iOS kernel exploit that (should) work on all the iOS devices running iOS 10.3.1 or earlier. The exploit itself consists of multiple vulnerabilities that were discovered all in the same module: AppleAVEDriver.
The exploit will be covered in depth in my HITBGSEC talk held on August