CVE-2020-11008

Technical details for CVE-2020-11008 are not present in the provided connected documents. The sources discuss related CVEs and general Git credential leakage vectors but do not specify affected versions, root cause, fixes, or exploitation status for this CVE. Monitor for updates.

QIWI: Keychain data persistence may lead to account takeover

Summary When user deletes Qiwi iOS application Keychain isn't wiped and on first Qiwi launch after re-installation Keychain isn't wiped as well. It allows an attacker possible buyer of second hand Iphone to takeover account. Steps to reproduce 1. Find somebody who uses Qiwi phone enumeration may...

iPhone Zero-Days Anchored Watering-Hole Attacks

A total of 14 iPhone vulnerabilities – including two that were zero-days when discovered — have been targeted by five exploit chains in a watering hole attack that has lasted years. The watering holes deliver a spyware implant that can steal private data like iMessages, photos and GPS location in...

Objection v1.6.6 - Runtime Mobile Exploration

objection is a runtime mobile exploration toolkit, powered by Frida. It was built with the aim of helping assess mobile applications and their security posture without the need for a jailbroken or rooted mobile device. Note: This is not some form of jailbreak / root bypass. By using objection, yo...

The Shenanigans Behind a Stealthy Apple Keychain Attack

An 18-year-old security researcher made headlines earlier this year with KeySteal, a macOS hack. Now he's showing the world how it worked...

Find the macOS keychain vulnerability of the 18-year-old boy decided to Apple announced all the details-vulnerability warning-the black bar safety net

In no, get Apple any remuneration case, Linus Henze decided to Apple filed for in the macOS keychain（Keychain）security software found a serious BUG. Before he choose to hide the BUG detail, to protest against Apple why not for the macOS platform starts Bug Bounty reward activities, but now he...

MacOS Zero-Day Exposes Apple Keychain Passwords

A researcher claims to have found a new Apple zero-day impacting macOS that could allow an attacker to extract passwords from a targeted Mac’s keychain password management system. However, the researcher refuses to disclose the alleged vulnerability citing Apple’s lack of macOS bug bounty program...

CVE-2016-4644

In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials...

CVE-2016-4644

In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials...

Authentication flaw

In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials...

CVE-2016-4644

In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials...

CVE-2018-6975

The AirWatch Agent for iOS prior to 5.8.1 contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted...

com.getdropbox.Dropbox app for iOS authentication bypass vulnerability

com.getdropbox.Dropbox app for iOS is an online collaboration app for managing documents based on the iOS platform. A security vulnerability exists in com.getdropbox.Dropbox app for iOS based platforms that stems from the program failing to use the kSecAccessControlUserPresence protection...

CVE-2018-4225

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local...

CVE-2018-4225

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local...

Code injection

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local...

CVE-2018-4225

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local...

CVE-2018-4225

CVE-2018-4225 affects multiple Apple platforms including iOS before 11.4, macOS before 10.13.5, iCloud for Windows before 7.5, iTunes for Windows before 12.7.5, and watchOS before 4.3.1. The issue, in the Security/Keychain component, allows a local user to bypass restrictions on Keychain state mo...

Apple iTunes Security Updates (HT208852)

Apple iTunes is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:itunes"; ifdescription...

Multiple Apple Product Status Management Vulnerabilities (CNVD-2018-12250)

Apple iOS and others are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser that comes with the Mac OS X and iOS operating systems. iCloud for Windows is a cloud service based on the Windows platform. Security ...