iMessage - NSArray Deserialization can Invoke Subclass that does not Retain References

iMessage - NSArray Deserialization can Invoke Subclass that does not Retain References When deserializing a class with initWithCoder, subclasses of that class can also be deserialized so long as they do not override initWithCoder and implement all methods that require a concrete implementation...

iMessage - NSArray Deserialization can Invoke Subclass that does not Retain References

When deserializing a class with initWithCoder, subclasses of that class can also be deserialized so long as they do not override initWithCoder and implement all methods that require a concrete implementation. PFArray is such a subclass of NSArray. When a PFArray is deserialized, it is deserialize...

macOS / iOS NSKeyedUnarchiver - Use-After-Free of ObjC Objects when Unarchiving OITSUIntDictionary Instances

When deserializing NSObjects with the NSArchiver API 1, one can supply a whitelist of classes that are allowed to be unarchived. In that case, any object in the archive whose class is not whitelisted will not be deserialized. Doing so will also cause the NSKeyedUnarchiver to "requireSecureCoding"...

Apple watchOS Messages has an unspecified vulnerability

Apple watchOS is an operating system for smartwatches from Apple Inc. Messages is an application component for sending text, photos and videos. A security vulnerability exists in the Messages component in Apple watchOS versions prior to 5.3. After being removed from an iMessage call, an attacker...

Apple iMessage - DigitalTouch tap Message Processing Out-of-Bounds Read Exploit

The digital touch iMessage extension can read out of bounds if a malformed Tap message contains a color array that is shorter than the points array and delta array. The method ETTapMessage initWithArchiveData: checks that the points array is twice as long as the deltas array, but only checks that...

Apple iMessage - DigitalTouch tap Message Processing Out-of-Bounds Read

Apple iMessage - DigitalTouch tap Message Processing Out-of-Bounds Read The digital touch iMessage extension can read out of bounds if a malformed Tap message contains a color array that is shorter than the points array and delta array. The method ETTapMessage initWithArchiveData: checks that the...

Apple iMessage - DigitalTouch tap Message Processing Out-of-Bounds Read

The digital touch iMessage extension can read out of bounds if a malformed Tap message contains a color array that is shorter than the points array and delta array. The method ETTapMessage initWithArchiveData: checks that the points array is twice as long as the deltas array, but only checks that...

Apple Disables Walkie-Talkie App Due to Eavesdropping Flaw

Apple has temporarily disabled the Walkie-Talkie feature from the Apple Watch due to a vulnerability that could allow potential attackers to eavesdrop in on iPhone calls, a TechCrunch report said. The Apple Watch Walkie-Talkie app allows users to converse with friends in real-time, without having...

Apple Patches iMessage Bug That Bricks iPhones with Out-of-Date Software

Apple patched a high-severity iMessage bug found by Google Project Zero that can be exploited by an attacker who sends a specially-crafted message to a vulnerable iOS device. Those iPhones receiving the malicious message are rendered inoperable, or bricked. Apple patched the bug with the release ...

Zerodium is paying $2 million for Apple iOS remote jailbreak

By Waqas Zerodium, an infosec and premium zero-day acquisition platform known for selling zero-day exploits to governments has announced that it will be paying a huge amount of money to buy iOS remote jailbreak and exploits related to WhatsApp, iMessage, or SMS/MMS. See: Zerodium uses Twitter to...

Zerodium Offers to Buy Zero-Day Exploits at Higher Prices Than Ever

Well, there's some good news for hackers and vulnerability hunters, though terrible news for tech manufacturers! Exploit vendor Zerodium is now willing to offer significantly higher payouts for full, working zero-day exploits that allow stealing of data from WhatsApp, iMessage and other online ch...

Zerodium Offers to Buy Zero-Day Exploits at Higher Prices Than Ever

Well, there's some good news for hackers and vulnerability hunters, though terrible news for tech manufacturers! Exploit vendor Zerodium is now willing to offer significantly higher payouts for full, working zero-day exploits that allow stealing of data from WhatsApp, iMessage and other online ch...

Zerodium Raises Zero-Day Payout Ceiling to $2M

Exploit acquisition vendor Zerodium said Monday that it is upping its payouts for full, working exploits across its entire program. It’s now paying $2 million for remote iOS jailbreaks, $1 million for WhatsApp/iMessage/SMS/MMS remote code-execution RCE and a half-million for Google Chrome RCEs. T...

How to Restore Your Mac to Factory Settings

Restoring your Mac to the factory settings can help fix problems if nothing else has worked. You should also restore your Mac to the factory settings before giving away or selling it to get rid of all your personal files and information. Because following the instructions below will wipe out all ...

What we’ve got here is failure to communicate: OS vendors misread CPU docs, create flaw

In a memorable scene from “Jumpin’ Jack Flash,” Whoopi Goldberg struggles to understand the lyrics of the eponymous song from the Rolling Stones, as she pleads: “Mick, Mick, Mick, speak English!” It appears that multiple operating system vendors had similar trouble interpreting Intel and AMD...

Apple Promises Fix for Latest ‘Text Bomb’ Bug As Abuse Spreads

UPDATE Apple said it is working on a fix for the latest text bomb bug that crashes a number of iOS and Mac apps that display specific Telugu language characters. On Monday, it made good on the promise and announced the availability of a patch CVE-2018-4124 for iOS 11.2.6, watchOS 4.2.3, tvOS...

Apple Preps ChaiOS iMessage Bug Fix for Next Week

UPDATE The so-called ChaiOS message bug identified this week in Apple iOS devices will receive a fix with the rollout of the update for iOS 11.2.5, expected next week. The update will address a flaw software developer Abraham Masri publicly identified in a tweet earlier this week, according to...

EggShell - iOS/macOS Remote Administration Tool

EggShell is an iOS and macOS post exploitation surveillance pentest tool written in Python. This tool creates 1 line multi stage payloads that give you a command line session with extra functionality. EggShell gives you the power and convenience of uploading/downloading files, taking pictures,...

You Can Crash Anyone's iPhone Or iPad With A Simple Emoji Text Message

A newly discovered bug in Apple's iOS mobile operating system is being exploited in a prank that lets anyone crash your iPhone or iPad by just sending an emoji-filled iMessage, according to several reports. YouTube star EverythingApplePro published a video highlighting a sequence of characters th...

iOS 10 iMessage character crash Bug again-vulnerability warning-the black bar safety net

! Recently, hacker@vincedes3 found a from iOS 8 to iOS 10.2.1 b2 universal iMessage character crash Bug, the Bug also utilizes the iOS 8 iMessage SMS Bug of a similar technique, a section of malicious code sent to the victims, the victims in receiving SMS, browse SMS can be caught, then the SMS...