HackDig : Dig high-quality web security articles for hacker

GHIA CamIP 1.2 For iOS Denial Of Service

# Exploit Title: GHIA CamIP 1.2 for iOS - 'Password' Denial of Service (PoC)# Discovery by: Ivan Marmolejo# Discovery Date: 2019-11-27# Vendor Homepage: https://apps.apple.com/mx/app/ghia-camip/id1342090963# Software Link: App Store for iOS devices# Tested Version: 1.2 # Vulnerability Type: Denial of Service (DoS) Local# Tested on OS: iPhone 6s iOS
Publish At:2019-12-02 23:10 | Read:205 | Comments:0 | Tags: IOS

iNetTools For iOS 8.20 Denial Of Service

# Exploit Title: iNetTools for iOS 8.20 - 'Whois' Denial of Service (PoC)# Discovery by: Ivan Marmolejo# Discovery Date: 2019-11-25# Vendor Homepage: https://apps.apple.com/mx/app/inettools-ping-dns-port-scan/id561659975# Software Link: App Store for iOS devices# Tested Version: 8.20# Vulnerability Type: Denial of Service (DoS) Local# Tested on OS:
Publish At:2019-11-30 11:10 | Read:259 | Comments:0 | Tags: IOS

New Free Emulator Challenges Apple's Control of iOS

An open-source tool gives researchers and jailbreakers a free option for researching vulnerabilities in the operating system - and gives Apple a new headache.A security researcher at Black Hat Europe in London next week plans to release an open source low-level emulator that can run a version of Apple's mobile operating system.The project, based on the
Publish At:2019-11-30 10:10 | Read:99 | Comments:0 | Tags: IOS

Privacy and Security Issues Found in Popular Shopping Apps

Just in time for Black Friday, Cyber Monday and the holiday shopping season, we investigated the most recent versions* of 30 of the leading, well-known mobile shopping applications to see how the application providers protect users from security and privacy risks.  The results based on our Advanced Application Analysis z3A technology are alarming: 100% of
Publish At:2019-11-20 12:25 | Read:145 | Comments:0 | Tags:App Security Mobile Security Android apps iOS mobile endpoin

scadaApp For iOS 1.1.4.0 Denial Of Service

# Exploit Title: scadaApp for iOS 1.1.4.0 - 'Servername' Denial of Service (PoC)# Discovery by: Luis Martinez# Discovery Date: 2019-11-18# Vendor Homepage: https://apps.apple.com/ca/app/scadaapp/id1206266634# Software Link: App Store for iOS devices# Tested Version: 1.1.4.0# Vulnerability Type: Denial of Service (DoS) Local# Tested on OS: iPhone 7
Publish At:2019-11-20 11:10 | Read:182 | Comments:0 | Tags: IOS

Introducing iVerify, the security toolkit for iPhone users

“If privacy matters, it should matter to the phone your life is on.” So says Apple in their recent ads about Privacy on the iPhone and controlling the data you share—but many of the security features they highlight are opt-in, and users often don’t know when or how to activate them. But hey… we got your back! Today, Trail of Bits launched i
Publish At:2019-11-14 15:25 | Read:216 | Comments:0 | Tags:Apple Education Exploits Guides iVerify Press Release Privac

Zimperium Analyzes TikTok’s Security and Privacy Risks

Several news outlets over the last few days are talking about how TikTok, the viral short video app where millions of teens post comedy skits set to music, is under fire from U.S. lawmakers.   CNN reports US lawmakers on both sides of the aisle warn that the app could pose a national security risk, and are calling on regulators and intelligence agencies to
Publish At:2019-11-12 00:25 | Read:191 | Comments:0 | Tags:App Security Mobile Threat Defense Android apps iOS mobile M

CVE-2019-8804: An inconsistency in Wi-Fi network configuration 

Researcher: Christy Philip Mathew (@christypriory) Relevant Devices: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation CVE: CVE-2019-8804 Summary An attacker in physical proximity of an Apple Store or an Apple retailer may be able to force a user onto a malicious Wi-Fi network during device setup, if the device
Publish At:2019-11-12 00:25 | Read:187 | Comments:0 | Tags:iOS WiFi

It’s just a game: a handful of scenarios in the Bitcoin world

Resistance to unpopular changes to the protocol Bitcoin is the first mainstream open source digital currency. By having publicly verifiable source code and a decentralized protocol by design, it also offers some resistance to regulatory pressure. For example, if, in country C, a court of law forces Bitcoin core developers living in C to change the rules of
Publish At:2019-10-18 11:20 | Read:540 | Comments:0 | Tags: IOS

IOS Crash Report: Blocking "Pop-Ups" Doesn't Really Help

The Telegraph published an article on Thursday about a scam targeting iOS users. Here's the gist: scammers are using JavaScript generated dialogs to display warnings of so-called "IOS Crash" reports prompting people to call for tech support. Near the end of the Telegraph's article, the following advice is offered:"To prevent the issue happening again, go to
Publish At:2019-10-18 10:30 | Read:516 | Comments:0 | Tags: IOS

Security and Privacy Issues Found in Popular Travel Apps

Planned your holiday travel just yet? Too soon? Not according to experts who told The Today Show the best time to book your Thanksgiving AND Christmas travel plans are before Halloween. After Halloween, fares go up, layover possibilities increase as does ending up in the middle seat.  The truth is, whenever you book travel – and more of us are doing s
Publish At:2019-10-16 12:30 | Read:550 | Comments:0 | Tags:App Security Mobile Security Mobile Threat Defense Android a

Federal CIOs Zero In on Zero Trust

Here's how federal CIOs can begin utilizing the security concept and avoid predictable obstacles. Now more than ever, the US government has focused on proactive cybersecurity measures. Under President Donald Trump's proposed budget for fiscal year 2020, the federal cybersecurity budget would increase to $17.4 billion, up from an estimated $16.6 billion this
Publish At:2019-10-16 11:50 | Read:567 | Comments:0 | Tags: IOS

Fake 'checkra1n' iOS Jailbreak Offered in Click Fraud Scheme

iPhone owners looking to jailbreak their devices have been warned that a fake checkra1n jailbreak is being offered as part of a sophisticated click fraud scheme featuring techniques that could be used for far more malicious actions.A researcher specializing in iOS security, known online as axi0mX, last month released the source code of an iOS exploit that ca
Publish At:2019-10-15 12:00 | Read:754 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Fraud & Identity The

A run-time approach for penetration testing of iOS apps Part-I

Hello everybody, This article will cover dynamic run-time penetration testing of iOS applications using objection framework. Objection is a run-time mobile exploration toolkit, powered by Frida. Objection injects uses Frida to injects objects into application run-time in order to execute certain tasks in security context. Objection framework let
Publish At:2019-10-07 07:25 | Read:716 | Comments:0 | Tags:News infosec ios applications iospentesting Mobile Applicati

A run-time approach for pen-testing iOS applications Part-II (Objection in Action)

Objection in Action Once all things go right, we can inject Frida scripts into our target application. Open target application and enter following command in powershell objection -g YOUR-APPLICATION-NAME explore You will now have access to application’s file over device’s shell Test Cases: > Application exploration: 1. To brows
Publish At:2019-10-07 07:25 | Read:554 | Comments:0 | Tags:News infosec ios ios applications iospentesting Mobile Appli

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud