HackDig : Dig high-quality web security articles for hacker

Introducing iVerify, the security toolkit for iPhone users

“If privacy matters, it should matter to the phone your life is on.” So says Apple in their recent ads about Privacy on the iPhone and controlling the data you share—but many of the security features they highlight are opt-in, and users often don’t know when or how to activate them. But hey… we got your back! Today, Trail of Bits launched i
Publish At:2019-11-14 15:25 | Read:54 | Comments:0 | Tags:Apple Education Exploits Guides iVerify Press Release Privac

Zimperium Analyzes TikTok’s Security and Privacy Risks

Several news outlets over the last few days are talking about how TikTok, the viral short video app where millions of teens post comedy skits set to music, is under fire from U.S. lawmakers. CNN reports US lawmakers on both sides of the aisle warn that the app could pose a national security risk, and are calling on regulators and intelligence agencies to
Publish At:2019-11-12 00:25 | Read:73 | Comments:0 | Tags:App Security Mobile Threat Defense Android apps iOS mobile M

CVE-2019-8804: An inconsistency in Wi-Fi network configuration 

Researcher: Christy Philip Mathew (@christypriory). Relevant Devices: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation. CVE: CVE-2019-8804. Summary: An attacker in physical proximity of an Apple Store or an Apple retailer may be able to force a user onto a malicious Wi-Fi network during device setup, if the device
Publish At:2019-11-12 00:25 | Read:103 | Comments:0 | Tags:iOS WiFi

It’s just a game: a handful of scenarios in the Bitcoin world

Resistance to unpopular changes to the protocol. Bitcoin is the first mainstream open source digital currency. By having publicly verifiable source code and a decentralized protocol by design, it also offers some resistance to regulatory pressure. For example, if, in country C, a court of law forces Bitcoin core developers living in C to change the rules of
Publish At:2019-10-18 11:20 | Read:241 | Comments:0 | Tags: IOS

IOS Crash Report: Blocking "Pop-Ups" Doesn't Really Help

The Telegraph published an article on Thursday about a scam targeting iOS users. Here's the gist: scammers are using JavaScript generated dialogs to display warnings of so-called "IOS Crash" reports prompting people to call for tech support. Near the end of the Telegraph's article, the following advice is offered: "To prevent the issue happening again, go to
Publish At:2019-10-18 10:30 | Read:256 | Comments:0 | Tags: IOS

Security and Privacy Issues Found in Popular Travel Apps

Planned your holiday travel just yet? Too soon? Not according to experts who told The Today Show the best time to book your Thanksgiving AND Christmas travel plans are before Halloween. After Halloween, fares go up, layover possibilities increase as does ending up in the middle seat. The truth is, whenever you book travel – and more of us are doing s
Publish At:2019-10-16 12:30 | Read:273 | Comments:0 | Tags:App Security Mobile Security Mobile Threat Defense Android a

Federal CIOs Zero In on Zero Trust

Here's how federal CIOs can begin utilizing the security concept and avoid predictable obstacles. Now more than ever, the US government has focused on proactive cybersecurity measures. Under President Donald Trump's proposed budget for fiscal year 2020, the federal cybersecurity budget would increase to $17.4 billion, up from an estimated $16.6 billion this
Publish At:2019-10-16 11:50 | Read:271 | Comments:0 | Tags: IOS

Fake 'checkra1n' iOS Jailbreak Offered in Click Fraud Scheme

iPhone owners looking to jailbreak their devices have been warned that a fake checkra1n jailbreak is being offered as part of a sophisticated click fraud scheme featuring techniques that could be used for far more malicious actions. A researcher specializing in iOS security, known online as axi0mX, last month released the source code of an iOS exploit that ca
Publish At:2019-10-15 12:00 | Read:359 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Fraud & Identity The

A run-time approach for penetration testing of iOS apps Part-I

Hello everybody, this article will cover dynamic run-time penetration testing of iOS applications using the Objection framework. Objection is a run-time mobile exploration toolkit, powered by Frida. Objection uses Frida to inject objects into the application run-time in order to execute certain tasks in a security context. Objection framework let
Publish At:2019-10-07 07:25 | Read:443 | Comments:0 | Tags:News infosec ios applications iospentesting Mobile Applicati

A run-time approach for pen-testing iOS applications Part-II (Objection in Action)

Objection in Action: Once all things go right, we can inject Frida scripts into our target application. Open the target application and enter the following command in PowerShell: objection -g YOUR-APPLICATION-NAME explore. You will now have access to the application’s file over the device’s shell. Test Cases: > Application exploration: 1. To brows
Publish At:2019-10-07 07:25 | Read:347 | Comments:0 | Tags:News infosec ios ios applications iospentesting Mobile Appli

Checkm8 jailbreak and AltStore put cracks in Apple’s walled garden

by Danny Bradbury. Jailbreaking iPhones has become a lot harder with each new version of the hardware, but this weekend saw two new announcements that enable people to install apps on their phones. One of them is a traditional jailbreak, while the other is an alternative app store that uses a loophole in Apple’s code-signing process. Jailbreaking is a form
Publish At:2019-09-30 12:45 | Read:393 | Comments:0 | Tags:Apple iOS Mobile App Store iPhone jailbreak jailbreaking

Apple Patches iOS 13 Bug Allowing Third-Party Keyboards "Full Access"

Apple on Friday released security updates for iOS 13 and iPadOS to address a vulnerability that allowed third-party keyboard extensions to gain “full access” without being granted permission. The bug, Apple revealed earlier this week, only impacts devices where third-party keyboards request full access permissions, but does not affect Apple keyboards or third
Publish At:2019-09-28 12:00 | Read:408 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Privacy Vulnerabilities

New iOS exploit checkm8 allows permanent compromise of iPhones

UPDATE 9/27, 11:00am: Updated for the misconception that the bootrom was actually being modified. Apparently, the “permanent” only refers to the fact that the bug is in the bootrom, where it cannot be patched. UPDATE 9/27, 12:15am: After speaking with @axi0m8, clarified a few other points, including the fact that this cannot be exploited remot
Publish At:2019-09-27 23:20 | Read:444 | Comments:0 | Tags:Mac Apple apple security apple vulnerability checkm8 exploit

Apple issues iOS 13.1.1 and security updates for every OS, even iOS 12

UPDATE: On Friday, September 27, Apple released two more updates—iOS 13.1.1 and iPadOS 13.1.1—to address the following issue: Sandbox. Impact: Third party app extensions may not receive the correct sandbox restrictions. Description: A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. O
Publish At:2019-09-27 22:10 | Read:453 | Comments:0 | Tags:Software & Apps iOS iOS 12 Security Updates watchOS 5 IOS

'Unpatchable' iOS Bootrom Exploit Allows Jailbreaking of Many iPhones

A researcher specializing in iOS security claims to have created a bootrom exploit that can be leveraged to jailbreak hundreds of millions of iOS devices, including all iPhones between iPhone 4S and iPhone X. The hacker, who uses the online moniker axi0mX, has released the exploit for free in hopes that it would benefit security researchers and the iOS jailbr
Publish At:2019-09-27 12:00 | Read:415 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &
