HackDig : Dig high-quality web security articles for hacker

In-the-wild iOS Exploit Chain 3

Posted by Ian Beer, Project Zero. TL;DR: This chain targeted iOS 11-11.4.1, spanning almost 10 months. This is the first chain we observed which had a separate sandbox escape exploit. The sandbox escape vulnerability was a severe security regression in libxpc, where refactoring led to a < bounds check becoming a != comparison against the boundary value. The v
Publish At:2020-02-17 04:45 | Read:344 | Comments:0 | Tags: IOS exploit

In-the-wild iOS Exploit Chain 2

Posted by Ian Beer, Project Zero. TL;DR: This was an exploit for a known bug class which I had been auditing for since late 2016. The same anti-pattern which led to this vulnerability, we’ll see again in Exploit Chain #3, which follows this post. This exploit chain targets iOS 10.3 through 10.3.3. Interestingly, I also independently discovered and re
Publish At:2020-02-17 04:45 | Read:403 | Comments:0 | Tags: IOS exploit

In-the-wild iOS Exploit Chain 1

Posted by Ian Beer, Project Zero. TL;DR: This exploit provides evidence that these exploit chains were likely written contemporaneously with their supported iOS versions; that is, the exploit techniques which were used suggest that this exploit was written around the time of iOS 10. This suggests that this group had a capability against a fully patched iPhone fo
Publish At:2020-02-17 04:45 | Read:383 | Comments:0 | Tags: IOS exploit

A very deep dive into iOS Exploit chains found in the wild

Posted by Ian Beer, Project Zero. Project Zero’s mission is to make 0-day hard. We often work with other companies to find and report security vulnerabilities, with the ultimate goal of advocating for structural security improvements in popular systems to help protect people everywhere. Earlier this year Google's Threat Analysis Group (TAG) disc
Publish At:2020-02-17 04:45 | Read:353 | Comments:0 | Tags: IOS exploit

SockPuppet: A Walkthrough of a Kernel Exploit for iOS 12.4

Posted by Ned Williamson, 20% on Project Zero. Introduction: I have a somewhat unique opportunity in this writeup to highlight my experience as an iOS research newcomer. Many high quality iOS kernel exploitation writeups have been published, but those often feature weaker initial primitives combined with lots of cleverness, so it’s hard to tell which iOS interna
Publish At:2020-02-17 04:45 | Read:143 | Comments:0 | Tags: IOS exploit

Security and Privacy Issues Found in Popular Dating Apps

An estimated 25.1 million people used a dating app at least monthly in 2019, a 5.3% increase from the amount of users in 2018. While users may find love, they are also finding heartbreak in the form of leaked personal information and other security and privacy risks. We investigated 14 of the leading mobile dating applications – based on popularity, d
Publish At:2020-02-15 12:39 | Read:237 | Comments:0 | Tags:App Security Android apps iOS

Malwarebytes Labs releases 2020 State of Malware Report

Malwarebytes Labs today released the results of our annual study on the state of malware—the 2020 State of Malware Report—and as usual, it’s a doozy. From an increase in enterprise-focused threats to the diversification of sophisticated hacking and stealth techniques, the 2019 threat landscape was shaped by a cybercrime industry that aimed to show i
Publish At:2020-02-11 04:50 | Read:441 | Comments:0 | Tags:Reports 2020 state of malware report adware Android android

APPLE-SA-2020-1-28-1 iOS 13.3.1 and iPadOS 13.3.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-1-28-1 iOS 13.3.1 and iPadOS 13.3.1. iOS 13.3.1 and iPadOS 13.3.1 are now available and address the following: Audio. Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation. Impact: An application may be able to execute arbitrary code with system privile
Publish At:2020-02-09 10:46 | Read:652 | Comments:0 | Tags: IOS

Dr. Jekyll and Mr. “Hide” – How Covert Malware Made it into Apple’s App Store

Today, enterprises feature a mixture of corporate and employee-owned mobile devices with the average individual downloading anywhere from 60 to 90 apps onto his/her mobile device. A fact keeping many CISOs up at night because while most apps are safe, even one malicious app – inadvertently downloaded – can compromise an entire organization.  The
Publish At:2020-02-04 12:25 | Read:426 | Comments:0 | Tags:News apps cyber security iOS

P2PWIFICAM2 for iOS 10.4.1 Camera ID Denial of Service (PoC)

# Exploit Title: P2PWIFICAM2 for iOS 10.4.1 - 'Camera ID' Denial of Service (PoC)
# Discovery by: Ivan Marmolejo
# Discovery Date: 2020-02-02
# Vendor Homepage: https://apps.apple.com/mx/app/p2pwificam2/id663665207
# Software Link: App Store for iOS devices
# Tested Version: 10.4.1
# Vulnerability Type: Denial of Service (DoS) Local
# Tested on OS: iPhone
Publish At:2020-02-03 11:10 | Read:501 | Comments:0 | Tags: IOS

Apple releases macOS Catalina 10.15.3, iOS 13.3.1, and more

This week Apple released updates to all of its operating systems and Safari browser. Here’s a brief rundown of new features and security-related fixes included with each update. iOS 13.3.1 and iPadOS 13.3.1. Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation. Apple describes the update’s new
Publish At:2020-01-31 09:00 | Read:500 | Comments:0 | Tags:Software & Apps Security Updates IOS

Apple Patches Tens of Vulnerabilities in iOS, macOS Catalina

Apple this week released software updates to address tens of security flaws in iOS, iPadOS, macOS Catalina, and other products. A total of 23 vulnerabilities were addressed in iOS 13.3.1 and iPadOS 13.3.1, now rolling out for iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation. The flaws impact components such as Aud
Publish At:2020-01-29 12:00 | Read:403 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities IOS

Securing Interactive Kiosks IoTs with the Paradox OS

Article by Bernard Parsons, CEO, Becrypt. Whether it is an EPOS system at a fast food venue or large display system at a public transport hub, interactive kiosks are becoming popular and trusted conduits for transacting valuable data with customers. The purpose of interactive kiosks, and the reason for their increasing prevalence, is to drive automation and ma
Publish At:2020-01-13 21:25 | Read:469 | Comments:0 | Tags: IOS

TikTok is the Rule, Not the Exception, When it Comes to Mobile App Privacy and Security Risks

Unfortunately for TikTok, 2020 isn’t starting off well. The video-sharing social networking service that was under fire by U.S. legislatures in 2019, is being banned by the U.S. Army, prohibiting soldiers from using it on government-owned devices, citing a potential security risk. Army spokeswoman Lt. Col. Robin Ochoa told Military.com the Chinese social me
Publish At:2020-01-06 14:10 | Read:529 | Comments:0 | Tags:App Security Android apps iOS mobile devices Mobile security

9 iPhone and iPad security and privacy features to set up right now

So you've got a new iPhone or iPad, or perhaps even an iPod touch; maybe it's your first, or maybe it's an upgrade from an older model. Security and privacy issues on these devices are arguably even more important than they are with Macs, because, especially with iPhones, you take them with you wherever you go. There are many potential threats to your securi
Publish At:2020-01-03 08:55 | Read:423 | Comments:0 | Tags:Security & Privacy Hey Siri iOS iPad iPadOS iPhone Siri
