Lucene search
K

471 matches found

ThreatPost
ThreatPost
added 2015/09/21 1:0 p.m.19 views

XcodeGhost iOS App Malware Contained

Concern over the so-called XcodeGhost malware has put the security of Apple’s App Store on the front page. While the App Store was not hacked, attackers did manage to append malicious code to a number of popular apps—most of those developed in China—and find a loophole in Apple’s code-scanning to...

7.2AI score
Exploits0References5
The Hacker News
The Hacker News
added 2015/09/21 12:7 a.m.16 views

Warning! Popular Apple Store Apps Infected with Data-Theft Malware

Unlike Google Play Store, Apple App Store is well known for not allowing any malformed apps to enter its Apple ecosystem because of its tight security checks. But, not anymore. Hundreds of malicious apps managed to get hosted on Apple's official App store and subsequently downloaded by several...

7.2AI score
Exploits0
ThreatPost
ThreatPost
added 2015/08/26 2:26 p.m.6 views

Apple Patches iOS Ins0mnia Vulnerability

Apple’s monster security update of Aug. 13 included a patch for an iOS vulnerability that could beacon out location data and other personal information from a device, even if a particular task has been shut off by the user. A mobile app exploiting this vulnerability could also look benign enough ...

6.9AI score
Exploits0References4
myhack58
myhack58
added 2015/08/25 12:0 a.m.34 views

Android Dolphin Browser remote code execution-vulnerability warning-the black bar safety net

The attacker has the ability to by Android the Dolphin Browser to control the user's network communication data, you can modify the download and application browser new theme function. By using this function, an attacker can write arbitrary files, these files will be in the user device browser...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2015/08/17 12:0 a.m.94 views

APPLE-SA-2015-08-13-4 OS X Server v4.1.5

APPLE-SA-2015-08-13-4 OS X Server v4.1.5 OS X Server v4.1.5 is now available and addresses the following: BIND Available for: OS X Yosemite v10.10.5 or later Impact: A remote attacker may be able to cause a denial of service Description: An assertion issue existed in the handling of TKEY packets...

7.8CVSS7.1AI score0.91284EPSS
Exploits12
myhack58
myhack58
added 2015/07/30 12:0 a.m.19 views

The Apple APP Store and the iTunes Store exposed high-risk vulnerabilities-vulnerability warning-the black bar safety net

The official Apple App Store and iTunes Store found in a high-risk vulnerability, affecting millions of Apple users. Vulnerability Labs Vulnerability-Lab founder and security researcher Benjamin Kunz Mejri in the Apple App Store shopping list module found in an application-side input validation w...

1.1AI score
Exploits0
The Hacker News
The Hacker News
added 2015/07/27 10:13 p.m.13 views

Critical Persistent Injection Vulnerability in Apple App Store and iTunes

A critical vulnerability has been discovered in the official Apple’s App Store and iTunes Store, affecting millions of Apple users. Vulnerability-Lab Founder and security researcher Benjamin Kunz Mejri discovered an Application-Side input validation web vulnerability that actually resides in the...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2015/06/18 9:49 p.m.12 views

Zero-Day Exploits for Stealing OS X and iOS Passwords

I think you'll agree with me when I say: Apple devices are often considered to be more safe and secure than other devices that run on platforms like Windows and Android, but a recent study will make you think twice before making this statement. A group of security researchers have uncovered...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2015/05/21 2:51 a.m.17 views

Spy Agencies Hijack Google Play Store to Install Spyware on Smartphones

I have an Android phone with a five different gmail accounts configured in it. But what if any one of them get compromised via phishing, malware or any other way? The Hacker would be able to access my Google account and obviously Google Play Store account too, which allows anyone to install any...

6.8AI score
Exploits0
CNVD
CNVD
added 2015/05/19 12:0 a.m.2 views

Amazon App Store Cross-Site Scripting Vulnerability

The Amazon App Store is a set of application stores from Amazon.com, Inc. in the United States. A cross-site scripting vulnerability exists in Amazon App Store. An attacker can exploit the vulnerability to execute arbitrary script code in the browser of a trusted user in the context of the affect...

6.7AI score
Exploits0References1
CNVD
CNVD
added 2015/05/19 12:0 a.m.2 views

Amazon App Store Remote Code Execution Vulnerability

The Amazon App Store is a set of application stores from Amazon.com, Inc. in the United States. A remote code execution vulnerability exists in Amazon App Store. An attacker can exploit the vulnerability to execute arbitrary code in the context of an affected application...

8.4AI score
Exploits0References1
CNVD
CNVD
added 2015/05/19 12:0 a.m.3 views

Amazon App Store Security Bypass Vulnerability

The Amazon App Store is a set of application stores from Amazon.com, Inc. in the United States. A security bypass vulnerability exists in Amazon App Store. An attacker can perform unauthorized operations by conducting a man-in-the-middle attack...

6.8AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2015/04/29 12:0 a.m.15 views

(Mobile Pwn2Own) Amazon App Store Search String Cross-Site Scripting Vulnerability

This vulnerability allows remote attackers to inject scripts on Amazon Fire Phone. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the search string variable. Starting the string wi...

7.5CVSS1.2AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2015/04/29 12:0 a.m.23 views

(Mobile Pwn2Own) Amazon App Store JavaScript Bridge Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on Amazon Fire Phone. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the methods that were exposed to the...

6.8CVSS7.9AI score
Exploits0
The Hacker News
The Hacker News
added 2015/04/25 1:36 a.m.16 views

Critical SSL Vulnerability Leaves 25,000 iOS Apps Vulnerable to Hackers

A critical vulnerability resides in AFNetworking could allow an attacker to cripple the HTTPS protection of 25,000 iOS apps available in Apple's App Store via man-in-the-middle MITM attacks. AFNetworking is a popular open-source code library that lets developers drop networking capabilities into...

6.6AI score
Exploits0
ThreatPost
ThreatPost
added 2015/02/13 11:14 a.m.12 views

Apple Extends Two-Factor Authentication to iMessage, FaceTime

Apple extended two-factor authentication 2FA yesterday to its iMessage and FaceTime services, adding an extra layer of security to the popular iOS apps. The move, which Apple has taken to calling “two-step verification,” follows the company’s enabling of 2FA on its iCloud storage service back in...

1.1AI score
Exploits0References3
NVD
NVD
added 2015/01/30 11:59 a.m.18 views

CVE-2014-4499

The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file...

2.1CVSS5.1AI score0.00349EPSS
Exploits0References3
Prion
Prion
added 2015/01/30 11:59 a.m.20 views

Design/Logic Flaw

The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file...

2.1CVSS5.5AI score0.00349EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2015/01/30 11:0 a.m.58 views

CVE-2014-4499

CVE-2014-4499 affects the CommerceKit Framework on OS X Yosemite prior to 10.10.2. The App Store process could log Apple ID credentials in App Store logs, enabling local users to read sensitive information from a file. Mitigation per the sources is to apply the OS X 10.10.2 security update (Apple...

2.1CVSS2.8AI score0.00349EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2015/01/30 12:0 a.m.5 views

Apple MAC OS X Yosemite App Store Log Information Disclosure Vulnerability

Apple MAC OS X Yosemite is the latest operating system developed by Apple. Apple MAC OS X Yosemite suffers from a security vulnerability in the handling of App Store logs that allows an attacker with access to the system to recover Apple ID authentication credentials to obtain sensitive log...

2.1CVSS6.7AI score0.00349EPSS
Exploits0References1
Rows per page
Query Builder