471 matches found
XcodeGhost iOS App Malware Contained
Concern over the so-called XcodeGhost malware has put the security of Apple’s App Store on the front page. While the App Store was not hacked, attackers did manage to append malicious code to a number of popular apps—most of those developed in China—and find a loophole in Apple’s code-scanning to...
Warning! Popular Apple Store Apps Infected with Data-Theft Malware
Unlike Google Play Store, Apple App Store is well known for not allowing any malformed apps to enter its Apple ecosystem because of its tight security checks. But, not anymore. Hundreds of malicious apps managed to get hosted on Apple's official App store and subsequently downloaded by several...
Apple Patches iOS Ins0mnia Vulnerability
Apple’s monster security update of Aug. 13 included a patch for an iOS vulnerability that could beacon out location data and other personal information from a device, even if a particular task has been shut off by the user. A mobile app exploiting this vulnerability could also look benign enough ...
Android Dolphin Browser remote code execution-vulnerability warning-the black bar safety net
The attacker has the ability to by Android the Dolphin Browser to control the user's network communication data, you can modify the download and application browser new theme function. By using this function, an attacker can write arbitrary files, these files will be in the user device browser...
APPLE-SA-2015-08-13-4 OS X Server v4.1.5
APPLE-SA-2015-08-13-4 OS X Server v4.1.5 OS X Server v4.1.5 is now available and addresses the following: BIND Available for: OS X Yosemite v10.10.5 or later Impact: A remote attacker may be able to cause a denial of service Description: An assertion issue existed in the handling of TKEY packets...
The Apple APP Store and the iTunes Store exposed high-risk vulnerabilities-vulnerability warning-the black bar safety net
The official Apple App Store and iTunes Store found in a high-risk vulnerability, affecting millions of Apple users. Vulnerability Labs Vulnerability-Lab founder and security researcher Benjamin Kunz Mejri in the Apple App Store shopping list module found in an application-side input validation w...
Critical Persistent Injection Vulnerability in Apple App Store and iTunes
A critical vulnerability has been discovered in the official Apple’s App Store and iTunes Store, affecting millions of Apple users. Vulnerability-Lab Founder and security researcher Benjamin Kunz Mejri discovered an Application-Side input validation web vulnerability that actually resides in the...
Zero-Day Exploits for Stealing OS X and iOS Passwords
I think you'll agree with me when I say: Apple devices are often considered to be more safe and secure than other devices that run on platforms like Windows and Android, but a recent study will make you think twice before making this statement. A group of security researchers have uncovered...
Spy Agencies Hijack Google Play Store to Install Spyware on Smartphones
I have an Android phone with a five different gmail accounts configured in it. But what if any one of them get compromised via phishing, malware or any other way? The Hacker would be able to access my Google account and obviously Google Play Store account too, which allows anyone to install any...
Amazon App Store Cross-Site Scripting Vulnerability
The Amazon App Store is a set of application stores from Amazon.com, Inc. in the United States. A cross-site scripting vulnerability exists in Amazon App Store. An attacker can exploit the vulnerability to execute arbitrary script code in the browser of a trusted user in the context of the affect...
Amazon App Store Remote Code Execution Vulnerability
The Amazon App Store is a set of application stores from Amazon.com, Inc. in the United States. A remote code execution vulnerability exists in Amazon App Store. An attacker can exploit the vulnerability to execute arbitrary code in the context of an affected application...
Amazon App Store Security Bypass Vulnerability
The Amazon App Store is a set of application stores from Amazon.com, Inc. in the United States. A security bypass vulnerability exists in Amazon App Store. An attacker can perform unauthorized operations by conducting a man-in-the-middle attack...
(Mobile Pwn2Own) Amazon App Store Search String Cross-Site Scripting Vulnerability
This vulnerability allows remote attackers to inject scripts on Amazon Fire Phone. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the search string variable. Starting the string wi...
(Mobile Pwn2Own) Amazon App Store JavaScript Bridge Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on Amazon Fire Phone. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the methods that were exposed to the...
Critical SSL Vulnerability Leaves 25,000 iOS Apps Vulnerable to Hackers
A critical vulnerability resides in AFNetworking could allow an attacker to cripple the HTTPS protection of 25,000 iOS apps available in Apple's App Store via man-in-the-middle MITM attacks. AFNetworking is a popular open-source code library that lets developers drop networking capabilities into...
Apple Extends Two-Factor Authentication to iMessage, FaceTime
Apple extended two-factor authentication 2FA yesterday to its iMessage and FaceTime services, adding an extra layer of security to the popular iOS apps. The move, which Apple has taken to calling “two-step verification,” follows the company’s enabling of 2FA on its iCloud storage service back in...
CVE-2014-4499
The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file...
Design/Logic Flaw
The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file...
CVE-2014-4499
CVE-2014-4499 affects the CommerceKit Framework on OS X Yosemite prior to 10.10.2. The App Store process could log Apple ID credentials in App Store logs, enabling local users to read sensitive information from a file. Mitigation per the sources is to apply the OS X 10.10.2 security update (Apple...
Apple MAC OS X Yosemite App Store Log Information Disclosure Vulnerability
Apple MAC OS X Yosemite is the latest operating system developed by Apple. Apple MAC OS X Yosemite suffers from a security vulnerability in the handling of App Store logs that allows an attacker with access to the system to recover Apple ID authentication credentials to obtain sensitive log...