1. INTRODUCTIONDay by day, Smart phones and tablets are becoming popular, and hence technology used in development to add new features or improve the security of such devices is advancing too fast. iPhone and iPod are the game changer products launched by Apple. Apple operating system (IOS) devices started growing popular in the mobile world. Latest Sm

As part of zLab’s platform research team, I’ve tried to investigate an area of the kernel that wasn’t thoroughly researched before.  After digging into some of Apple’s closed-source kernel modules, one code chunk led to another and I’ve noticed a little-known module, which I’ve never seen before, called AppleAVE. AppleAVE 

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512APPLE-SA-2017-07-19-1 iOS 10.3.3iOS 10.3.3 is now available and addresses the following:ContactsAvailable for: iPhone 5 and later, iPad 4th generation and later,and iPod touch 6th generationImpact: A remote attacker may be able to cause unexpected applicationtermination or arbitrary code executionDescription: A

Number of iOS devices running malicious apps more than tripled in three consecutive quarters, while infected Android devices remained largely flat, report shows.iPhones and other devices running Apple's iOS have seen a jump in malicious apps attacking them while Android malware infections have remained largely stable, according to a report released today by

Cisco has fixed nine serious remote code execution flaws in the SNMP subsystem running in all the releases of IOS and IOS XE software. The tech giant publicly disclosed the vulnerability on June 29 and provided workarounds, not it is notifying customers about the availability of security patches. The nine issues, that have been tracked with codes from CVE-20

Introduction In this blogpost I describe the history of z9, our detection engine. I will show its performance over reference data sets commonly used in the machine learning community. I’ll then describe how we apply it to detect networks attacks without any type of packet inspection. Eventually, we encourage you to participate by helping us gather and

Avanti Markets, a company whose self-service payment kiosks sit beside shelves of snacks and drinks in thousands of corporate breakrooms across America, has suffered of breach of its internal networks in which hackers were able to push malicious software out to those payment devices, the company has acknowledged. The breach may have jeopardized customer cred

Experts at CISCO discovered severe remote code execution vulnerabilities in Cisco IOS Software while conducting internal testing. Cisco warned users of serious vulnerabilities in IOS software that can be exploited by authenticated, remote attackers for code execution and denial-of-service (DoS) attacks. Experts at CISCO discovered the vulnerabilities while c

When you travel outside your corporate network with your mobile device, you are much more vulnerable to man-in-the-middle (MitM) attacks. This is how attackers intercept data as it’s being passed from a mobile device to a server. Of course, this is problematic for a number of reasons. CSO Online demonstrated how easy it is to steal all sorts of informa

Data leakage and corruption haunt iOS and Android mobile apps the most, a new study shows.Apple's iOS mobile platform suffers fewer cyberattacks than Google's Android, but a new study shows that when iOS does get hit, the attacks are more severe.Pradeo's biannual mobile applications threat review report, released today, examines the mobile threat landscape b

Credits: Hal MartinWebsite: watchmysys.comSource: https://watchmysys.com/blog/2017/06/cve-2017-8083-compulab-intensepc-lacks-bios-wp/Vendor:====================CompuLab (compulab.com)Product:====================Intense PC / MintBox 2Vulnerability type:====================Write-protection not enabled on system firmwareCVE Reference:====================CVE-201

By: Zuk Avraham Follow Zuk Avraham (@ihackbanme) Nicolas Trippar Follow Nicolas Trippar (@ntrippar) zNID: NDAY-2017-0101 CVE: Unknown Type: Information Disclosure Platform: iOS < 10.3 Device type: iPhone, iPod iOS bulletin: https://support.apple.com/en-us/HT207617 Public release date: 25th of May, 2017 Credit: Anonymous Download Exploit (passwor

[+] Credits: Ian Ling[+] Website: iancaling.com[+] Source: http://blog.iancaling.com/post/160596244178Vendor:=================http://mimosa.coProducts:======================Access Points (e.g. A5) <2.2.3Client Radios (e.g. C5) <=2.2.3Backhaul Radios (e.g. B5) <=2.2.3Vulnerability Types:===================Remote Command Execution (RCE), Denial of Ser

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512APPLE-SA-2017-05-15-2 iOS 10.3.2iOS 10.3.2 is now available and addresses the following:AVEVideoEncoderAvailable for: iPhone 5 and later, iPad 4th generation and later,and iPod touch 6th generationImpact: An application may be able to gain kernel privilegesDescription: A memory corruption issue was addressed wit

A short demo video is available here:https://youtu.be/0jZdM9peVSkSEC Consult Vulnerability Lab Security Advisory < 20170510-0 >======================================================================= title: Insecure Handling Of URI Schemes product: Microsoft OneDrive iOS App vulnerable version: 8.13 fixed version: 8.14