HackDig : Dig high-quality web security articles for hacker

App Stores that Formerly Coddled ZNIU Found Distributing a New iXintpwn/YJSNPI Variant

by Lilang Wu, Ju Zhu, and Moony Li We covered iXintpwn/YJSNPI in a previous blog post and looked into how it renders an iOS device unresponsive by overflowing it with icons. This threat comes in the form of an unsigned profile that crashes the standard application that manages the iOS home screen when installed. The malicious profile also exploits certain fe
Publish At:2017-11-02 20:40 | Read:292 | Comments:0 | Tags:Bad Sites Malware Mobile android app stores iOS

APPLE-SA-2017-10-31-1 iOS 11.1

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512APPLE-SA-2017-10-31-1 iOS 11.1iOS 11.1 is now available and addresses the following:CoreTextAvailable for: iPhone 5s and later, iPad Air and later, and iPodtouch 6th generationImpact: Processing a maliciously crafted text file may lead to anunexpected application terminationDescription: A denial of service issue
Publish At:2017-11-01 20:05 | Read:275 | Comments:0 | Tags: IOS

APPLE-SA-2017-10-31-9 Additional information for APPLE-SA-2017-09-19-1 iOS 11

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512APPLE-SA-2017-10-31-9Additional information for APPLE-SA-2017-09-19-1 iOS 11iOS 11 addresses the following:802.1XAvailable for: iPhone 5s and later, iPad Air and later, and iPodtouch 6th generationImpact: An attacker may be able to exploit weaknesses in TLS 1.0Description: A protocol security issue was addressed
Publish At:2017-11-01 20:05 | Read:145 | Comments:0 | Tags: IOS

Dangerous liaisons

It seems just about everyone has written about the dangers of online dating, from psychology magazines to crime chronicles. But there is one less obvious threat not related to hooking up with strangers – and that is the mobile apps used to facilitate the process. We’re talking here about intercepting and stealing personal information and the de-anonymi
Publish At:2017-10-24 11:55 | Read:206 | Comments:0 | Tags:Featured Mobile threats Android Certificate HTTPS iOS Mobile

iOS apps can access metadata revealing users’ locations and much more

Developer discovered that iOS apps can read metadata revealing users’ locations and much more, a serious threat to our privacy. The developer Felix Krause, founder of Fastlane.Tools, has discovered that iOS apps can access image metadata revealing users’ location history. Krause published a detailed analysis on the Open Radar community, he explai
Publish At:2017-09-28 18:26 | Read:586 | Comments:0 | Tags:Breaking News Digital ID Hacking Mobile DetectLocations Exif

CISCO addressed several critical IOS flaws that expose devices to remote attacks

Cisco has released security updates for its IOS Operating System to fix more than a dozen critical and high severity vulnerabilities. Cisco has released updates for its IOS software to fix more than a dozen critical and high severity vulnerabilities that could be exploited by attackers to remotely take over company’s switches and routers. Giving a close loo
Publish At:2017-09-28 18:26 | Read:294 | Comments:0 | Tags:Breaking News Hacking CISCO iOS RCE IOS

APPLE-SA-2017-09-25-4 Additional information for APPLE-SA-2017-09-19-1 iOS 11

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512APPLE-SA-2017-09-25-4Additional information for APPLE-SA-2017-09-19-1 iOS 11iOS 11 addresses the following:BluetoothAvailable for: iPhone 5s and later, iPad Air and later,and iPod touch 6th generationImpact: An application may be able to access restricted filesDescription: A privacy issue existed in the handling
Publish At:2017-09-26 11:15 | Read:246 | Comments:0 | Tags: IOS

APPLE-SA-2017-09-19-1 iOS 11

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512APPLE-SA-2017-09-19-1 iOS 11iOS 11 is now available and addresses the following:Exchange ActiveSyncAvailable for: iPhone 5s and later, iPad Air and later,and iPod touch 6th generationImpact: An attacker in a privileged network position may be able toerase a device during Exchange account setupDescription: A vali
Publish At:2017-09-21 20:36 | Read:319 | Comments:0 | Tags: IOS

APPLE-SA-2017-09-20-1 Additional information for APPLE-SA-2017-09-19-1 iOS 11

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512APPLE-SA-2017-09-20-1 Additional information for APPLE-SA-2017-09-19-1 iOS 11iOS 11 addresses the following:Exchange ActiveSyncAvailable for: iPhone 5s and later, iPad Air and later,and iPod touch 6th generationImpact: An attacker in a privileged network position may be able toerase a device during Exchange acco
Publish At:2017-09-21 20:36 | Read:519 | Comments:0 | Tags: IOS

iXintpwn/YJSNPI Abuses iOS’s Config Profile, can Crash Devices

by Hara Hiroaki, Higashi Yuka, Ju Zhu, and Moony Li While iOS devices generally see relatively fewer threats because of the platform’s walled garden approach in terms of how apps are installed, it’s not entirely unbreachable. We saw a number of threats that successfully scaled the walls in 2016, from those that abused enterprise certificates to ones th
Publish At:2017-09-19 00:55 | Read:435 | Comments:0 | Tags:Mobile Apple iOS iOS Configuration Profile iXintpwn YJSNPI I

SEC Consult SA-20170913-1 :: Local File Disclosure in VLC media player iOS app

SEC Consult Vulnerability Lab Security Advisory < 20170913-1 >======================================================================= title: Local File Disclosure product: VLC media player iOS app vulnerable version: 2.7.8 fixed version: 2.8.1 CVE number: - impact: Medium homepage: https://itun
Publish At:2017-09-13 09:40 | Read:364 | Comments:0 | Tags: IOS

Zimperium researcher released an iOS Kernel Exploit PoC

Zimperium Researcher Adam Donenfeld released an iOS Kernel Exploit PoC that can be used to gain full control of iOS mobile devices. Researcher Adam Donenfeld of mobile security firm Zimperium published a Proof-of-concept (PoC) for recently patched iOS vulnerabilities that can be chained to gain full control of iOS mobile devices. The expert called the PoC ex
Publish At:2017-08-28 14:00 | Read:558 | Comments:0 | Tags:Breaking News Hacking Mobile Apple iOS Kernel Exploit kernel

Cisco IOS vulnerabilities open Rockwell Industrial Switches to attacks

Vulnerabilities in Cisco IOS expose Rockwell Allen-Bradley Stratix and ArmorStratix industrial Ethernet switches to remote attacks. Some models of the Allen-Bradley Stratix and ArmorStratix industrial Ethernet switches are exposed to remote attacks due to security flaws in Cisco’s IOS software. According to the security alert issued by ICS-CERT, an authentic
Publish At:2017-08-26 06:45 | Read:490 | Comments:0 | Tags:Breaking News Hacking CISCO Cisco IOS Software iOS SNMP IOS

Apple iOS Exploit Takes Complete Control of Kernel

Researcher demonstrates 'severe' ZIVA exploit at Hack in the Box.Multiple vulnerabilities in the AppleAVEDriver when linked together create an opportunity to launch an iOS exploit that can take full control of the iOS kernel, security researcher Adam Donenfeld of Zimperium's zLabs revealed today.Donenfeld, who today demonstrated the exploit at the&
Publish At:2017-08-25 05:30 | Read:407 | Comments:0 | Tags: IOS exploit

ziVA: Zimperium’s iOS Video Audio Kernel Exploit

Follow @doadam Following my previous post, I’m releasing ziVA: a fully chained iOS kernel exploit that (should) work on all the iOS devices running iOS 10.3.1 or earlier. The exploit itself consists of multiple vulnerabilities that were discovered all in the same module: AppleAVEDriver. The exploit will be covered in depth in my HITBGSEC talk held on August
Publish At:2017-08-24 04:35 | Read:801 | Comments:0 | Tags:iOS Threat Research IOS exploit

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud