HackDig : Dig high-quality web security articles for hackers

New iOS exploit checkm8 allows permanent compromise of iPhones

UPDATE 9/27, 11:00am: Updated for the misconception that the bootrom was actually being modified. Apparently, the “permanent” only refers to the fact that the bug is in the bootrom, where it cannot be patched. UPDATE 9/27, 12:15am: After speaking with @axi0m8, clarified a few other points, including the fact that this cannot be exploited remot
Publish At:2019-09-27 23:20 | Read:1553 | Comments:0 | Tags:Mac Apple apple security apple vulnerability checkm8 exploit

Apple Patches 100+ Vulnerabilities in OS X, Safari, iOS

UPDATE Apple pushed out its latest operating system, El Capitan, yesterday, and while it boasts many security fixes, the update fails to address the outstanding vulnerability in Gatekeeper that came to light this week. The issue with Gatekeeper, as described yesterday by Patrick Wardle, the director of research at Synack, fails to verify whether an app runs o
Publish At:2015-10-01 14:30 | Read:3172 | Comments:0 | Tags:Apple Vulnerabilities apple apple security El Capitan Gateke

XcodeGhost Malware Stirring Up More Trouble

As more eyes peer into XcodeGhost, the malware that managed to sneak into Apple’s App Store, more trouble bubbles to the surface. Researchers at Palo Alto Networks said in an updated report that the malware contains a vulnerability that allows an attacker in man-in-the-middle position to control iOS applications infected by XcodeGhost. “XcodeGho
Publish At:2015-09-23 11:40 | Read:4028 | Comments:0 | Tags:Apple Malware Vulnerabilities amazon Apple App Store Apple m

Zerodium Hosts Million-Dollar iOS 9 Bug Bounty

Exploit vendor Zerodium, a company started by VUPEN founder Chaouki Bekrar, today announced it will host a month-long million-dollar bug bounty focused on Apple iOS 9. Bekrar said in a statement there is a $3 million pool available for the bounty, which will close on Oct. 31 or earlier if the total payout to researchers reaches the $3 million mark. “Z
Publish At:2015-09-22 00:30 | Read:3882 | Comments:0 | Tags:Apple Hacks Malware Vulnerabilities apple apple security App

Inside the Unpatched OS X Vulnerabilities

Update Luca Todesco still won’t say why he disclosed over the weekend details and proof of concept code for a pair of unpatched and previously unreported OS X vulnerabilities, instead standing firm by his pat response: “I had my reasons.” The 18-year-old Italian researcher, however, is sure his attacks will root current versions of OS X, Yos
Publish At:2015-08-20 00:50 | Read:2666 | Comments:0 | Tags:Apple Vulnerabilities Web Security apple Apple Patch apple s

Apple Zero Day Remains Unpatched

A recently disclosed kernel-level zero-day vulnerability in Mac OS X Yosemite and Mavericks remains unpatched, though reports say Apple is developing and testing a patch. Luca Todesco, an 18-year-old security researcher from Italy, on Sunday dropped details and proof-of-concept code about the security issue shortly after he disclosed them to Apple. Multiple
Publish At:2015-08-19 07:15 | Read:4174 | Comments:0 | Tags:Apple Vulnerabilities apple apple security El Capitan Luca T

Apple Patches Critical OS X DYLD Flaw in Monster Update

Apple yesterday patched a critical privilege escalation vulnerability in OS X 10.10 that was disclosed in early July. The flaw in OS X’s dynamic linker called dyld was specific to a new feature that allowed for error logging to arbitrary files. Researcher Stefan Esser shared details of the vulnerability and source code for a kernel extension that mitiga
Publish At:2015-08-14 21:20 | Read:4134 | Comments:0 | Tags:Apple Vulnerabilities Web Security apple Apple patches apple

Thunderstrike 2 OS X Firmware Attack Self-Replicates to Peripherals

A new attack against Intel firmware running in Apple computers is expected to be unveiled at this week’s Black Hat conference. The research is an extension of the Thunderstrike Mac OS X firmware bootkit disclosed this spring that enables the undetectable installation of malicious firmware that survives reboots and operating system reinstallations. Thund
Publish At:2015-08-03 22:45 | Read:3019 | Comments:0 | Tags:Apple Black Hat Hacks Malware Vulnerabilities Web Security a

Writing Advanced OS X Malware an ‘Elegant’ Solution to Improving Detection

Patrick Wardle has one word for today’s generation of Mac OS X malware: lame. Sure there are advanced samples out there developed by nation-state sponsored groups or exploit vendors such as Hacking Team, but for the most part, Wardle says, we’re still talking about malware that are standalone binaries that are easily detectable and remind him of 1
Publish At:2015-07-31 07:40 | Read:2696 | Comments:0 | Tags:Apple Black Hat Malware Vulnerabilities Web Security apple a

Patched Apple QuickTime Vulnerability Details Disclosed

Use-after-free vulnerabilities have nudged buffer overflows off their exclusive perch of serious bugs that hackers covet. They’ve been used in a number of targeted attacks, including some high-profile nation-state attacks, and also were a motivation for Microsoft to implement UAF-specific mitigations in Internet Explorer and the Enhanced Mitigation Ex
Publish At:2015-07-01 16:50 | Read:3889 | Comments:0 | Tags:Apple Web Security apple Apple Patch apple security Cisco Ci

Older Versions of OS X Remain Vulnerable to Rootpipe ‘Hidden Backdoor API’

UPDATE: Apple patched the so-called Rootpipe backdoor in OS X, but only in current versions of Yosemite. According to the researcher who found the vulnerability, Apple told him that it would not backport the fix to 10.9.x and older. The vulnerability, located in the OS X Admin framework, was patched Wednesday in a monster OS X update in Yosemite 10.10.3. E
Publish At:2015-04-11 01:55 | Read:4025 | Comments:0 | Tags:Apple Vulnerabilities apple Apple patches apple security App

Apple Patches 80 Bugs in OS X Yosemite 10.10.3

Apple on Wednesday released close to 80 security updates for OS X, including remote code execution vulnerabilities in a dozen components that were patched in Yosemite 10.10.3. The OS X update was released the same day as an extensive update in iOS 8.3 that patched three dozen code execution and privilege escalation vulnerabilities. Details are trickling ou
Publish At:2015-04-09 17:50 | Read:2364 | Comments:0 | Tags:Apple Vulnerabilities apple Apple OS X patches Apple patches

Apple Patches WebKit Vulnerabilities in Safari

Apple on Tuesday pushed out new versions of its Safari browser that address 17 security vulnerabilities in the WebKit engine. Safari 8.04, 7.14 and 6.24 patch multiple memory corruption issues in WebKit, Apple said. “These issues were addressed through improved memory handling,” Apple said in its advisory. The advisory is sparse in other details on
Publish At:2015-03-18 17:00 | Read:2807 | Comments:0 | Tags:Apple Vulnerabilities Web Security apple Apple patches apple

Stealthy, Persistent DLL Hijacking Works Against OS X

DLL hijacking has plagued Windows machines back as far as 2000 and provides hackers with a quiet way to gain persistence on a vulnerable machine, or remotely exploit a vulnerable application. And now it’s come to Apple’s Mac OS X. This week at the CanSecWest conference in Vancouver, Synack director of research Patrick Wardle is expected to deli
Publish At:2015-03-17 09:00 | Read:2868 | Comments:0 | Tags:Apple Hacks Malware Vulnerabilities Web Security apple apple

Apple Security: 2014 Year In Review

The computer security stories seemed to be virtually nonstop over the past year, so there's a good chance you may have missed some stories. Make sure you haven't missed anything important—read on for a quick review of some significant Apple-related security stories of 2014. Perhaps the most widely publicized Apple security problem of 2014 was the celebrity ph
Publish At:2015-01-13 23:40 | Read:3231 | Comments:0 | Tags:Malware Security & Privacy Security News 2014 Apple Security

