Massive Ad Fraud Scheme Shut Down: 11 Million Phones Targeted
By Waqas. The ad fraud was discovered while the researchers were investigating an iOS application that had been heavily impacted by an app spoofing attack. This is a post from HackRead.com.
Design/Logic Flaw
Insufficiently protected credentials in the Intel® Datacenter Group Event iOS application, all versions, may allow an unauthenticated user to potentially enable information disclosure via network access...
CVE-2022-30296
Insufficiently protected credentials in the Intel® Datacenter Group Event iOS application, all versions, may allow an unauthenticated user to potentially enable information disclosure via network access...
Intel® Datacenter Group Event App Advisory
Summary: A potential security vulnerability in Intel® Datacenter Group Event iOS application may allow information disclosure. Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for the Intel® Datacenter Group Event iOS...
CVE-2022-23625 DoS vulnerability: Malformed Resource Identifiers
Wire-ios is a messaging application using the Wire protocol on Apple's iOS platform. In versions prior to 3.95, malformed resource identifiers may render the iOS Wire Client completely unusable by causing it to repeatedly crash on launch. These malformed resource identifiers can be generated and...
Banco Guayaquil 8.0.0 Cross Site Scripting Vulnerability
Banco Guayaquil for iOS version 8.0.0 suffers from a script insertion vulnerability where a user can insert malicious code into their own name and could possibly be leveraged for attacks upstream. Document Title: Banco Guayaquil Versión 8.0.0 IOS - Cross Site Scripting Stored...
CVE-2021-3179
The GGLocker iOS application contains insecure data storage of the password hash value, which results in an authentication bypass...
CVE-2021-3179
CVE-2021-3179 concerns the GGLocker iOS app, where an insecure data storage of the password hash enables an authentication bypass. The entry is corroborated by multiple sources in connected documents (NVD, Red Hat, CVE lists). Affected software: GGLocker iOS application. Underlying issue: insecur...
Notex the best notes 6.4 - Denial of Service (PoC)
Exploit Title: Notex the best notes 6.4 - Denial of Service PoC Date: 06-14-2021 Author: Geovanni Ruiz Download Link: https://apps.apple.com/us/app/notex-the-best-notes/id847994217 Version: 6.4 Category: DoS iOS Vulnerability Notex – the best notes is vulnerable to a DoS condition when a long lis...
Telegram Stack Overflow Vulnerability (CNVD-2021-38308)
Telegram is an instant messaging mobile application. A stack overflow vulnerability exists in the custom derived graysplitcubic function of the Rlottie library for Telegram Android version prior to 7.1.0 2090, iOS version prior to 7.1, and macOS version prior to 7.1. An attacker can exploit this...
Telegram Denial of Service Vulnerability
Telegram is an instant messaging mobile application. A denial of service vulnerability exists in the MtProtoKitFramework of the Telegram app for iOS version 7.6.2. An authenticated, remote attacker can exploit the vulnerability to cause a denial of service...
CIRA Canadian Shield iOS Application - Man-In-The-Middle SSL Certificate Vulnerability
CIRA Canadian Shield iOS Application - MITM SSL Certificate Vulnerability CVE-2021-27189 -- https://www.info-sec.ca/advisories/CIRA-Canadian-Shield.html Overview "CIRA Canadian Shield protects you from online threats such as malicious domains, phishing websites and helps to keep your personal dat...
Shopify: Low Privileged user can add or remove cash to/from sales register
Low privileged user having no access to Shopify POS and very low permission set is not allowed to add cash to the sales register or remove cash from the sales register. But missing server-side permission checks on the vulnerable request allows a low privileged user to do this. A low privileged ca...
Security Bulletin: MaaS360 has identified a vulnerability in the MaaS360 iOS Application. (CVE-2019-4735)
Summary A vulnerability was identified and remediated in the IBM MaaS360 for iOS Application Version 3.96.62. Vulnerability Details CVEID: CVE-2019-4735 DESCRIPTION: IBM MaaS360 for iOS could allow an attacker with physical access to the device to obtain sensitive information from the agent outsi...
CVE-2019-15611
Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when searching, e.g., for federated users or registering for push notifications...
CVE-2019-15614
Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files...
Zomato: [www.zomato.com] Availing Zomato Gold membership for free by tampering plan id(s)
Summary: Get free zomato gold membership using zomato iOS app. Description: add more details about this vulnerability 1 Login to the zomato iOS application. 2 Select zomato gold from the home screen. 3 Depending on your location, you will see different gold pack options. 4 Select any gold pack. 5...
Path Traversal in cordova-plugin-ionic-webview
Versions of cordova-plugin-ionic-webview prior to 2.2.0 are vulnerable to Path Traversal, allowing attackers access to OS local files that should be inaccessible by third-party applications. The package launches a webserver listening on http://localhost:8080 without restricting access of the app...
CVE-2018-13434
An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The LAContext class for Biometric TouchID validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSecAccessControlUserPresence protection mechanism is not used. ...
Hardcoded credentials
Musical.ly Inc., musical.ly - your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key...