CVE-2026-49203

The CVE-2026-49203 entry concerns crucial management API endpoints for cellular eSIM allocation that do not validate caller authorization, enabling remote profiles to be rewritten or deleted. Affected behavior: unauthorized caller can modify eSIM profiles via management APIs. Root cause: missing ...

EUVD-2023-31916

Malicious code in bioql PyPI...

Stable Channel Update for ChromeOS / ChromeOS Flex

The ChromeOS Stable channel is being updated to OS version 16371.49.0 Browser version 140.0.7339.201 for most ChromeOS devices. If you find new issues, please let us know one of the following ways: 1. File a bug 2. Visit our ChromeOS communities 1. General: Chromebook Help Community 2. Beta...

eSIM Vulnerability in eUICC Cards Exposes Billions of IoT Devices to Malicious Attacks

Cybersecurity researchers have discovered a new hacking technique that exploits weaknesses in the eSIM technology used in modern smartphones, exposing users to severe risks. The issues impact the Kigen eUICC card. According to the Irish company's website, more than two billion SIMs in IoT devices...

CVE-2023-28208

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may send a text from a secondary eSIM despite configuring a contact to use a primary eSIM...

CWA smartcard logon error 'Can’t read smart card' on client with SIM card

There is a client with 2 smart cards . A physical smart card and an integrated eSIM . When CWA Windows tries to autenticate with smartcard the user gets an error that says "Can't read smart card. Please contact your IT administrator" . If we remove the SIM card from the client , the authenticatio...

Navigating eSIM Policies and Regulations

By Owais Sultan eSIM technology is a promising innovation that offers a number of benefits over traditional SIM cards. This is a post from HackRead.com Read the original post: Navigating eSIM Policies and Regulations...

SMShell - Send Commands And Receive Responses Over SMS From Mobile Broadband Capable Computers

PoC for an SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers. This tool came as an insipiration during a research on eSIM security implications led by Markus Vervier, presented at Offensivecon 2023 Disclaimer This is not a complete C2 but rather...

CVE-2023-28208

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may send a text from a secondary eSIM despite configuring a contact to use a primary eSIM...

Code injection

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may send a text from a secondary eSIM despite configuring a contact to use a primary eSIM...

CVE-2023-28208

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may send a text from a secondary eSIM despite configuring a contact to use a primary eSIM...

CVE-2023-28208

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may send a text from a secondary eSIM despite configuring a contact to use a primary eSIM...

CVE-2023-28208

CVE-2023-28208 describes a logic issue in Apple platforms where a user could send a text from a secondary eSIM even when a contact was configured to use the primary eSIM. Affected: macOS Ventura 13.2, iOS 16.3, and iPadOS 16.3. Impact: potential unauthorized text sending within Messages; CVSS v3....

Apple macOS Ventura Security Vulnerability

Apple macOS Ventura is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in Apple macOS Ventura version 13.2, which originates from the possibility of a user sending text from a secondary eSIM despite configuring the contact to use the primary eSIM...

PUB-A-211647233

In onCreate of VzwSetupActivity.java, there is a possible bypass of carrier network restrictions through ESIM due to a missing configuration check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Pixel Update Bulletin—April 2019Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Google Pixel devices Google devices. For Google devices, security patch levels of 2019-04-05 or later address all issues in this bulletin and all issues in the April 2019 Android...

Soldering for Reverse Engineering. Swapping out eSIMs with “normal” SIMs

Sometimes, the mobile devices we work on only have cellular data connections. In those instances, we’re usually pretty interested in trying things like this to get credentials for the APN so we can start snooping around on that. We’re also really interested in monitoring what kind of traffic is...