CVE-2022-3337 Lock WARP switch bypass by removing VPN profile on iOS mobile client
It was possible for a user to delete a VPN profile from the WARP mobile client on the iOS platform despite the Lock WARP switch feature (https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/lock-warp-switch) being enabled on the Zero Trust Platform. This led to...
Frida-Ios-Hook - A Tool That Helps You Easy Trace Classes, Functions, And Modify The Return Values Of Methods On iOS Platform
A tool that helps you use Frida easily. It supports scripts to trace classes and functions, and to modify the return values of methods on the iOS platform. For the Android platform: frida-android-hook. For intercepting APIs that were encrypted in an iOS application: frida-ios-interceprt-api Env OS Support OS |...
CVE-2022-23625
Wire-ios is a messaging application using the Wire protocol on Apple's iOS platform. In versions prior to 3.95 malformed resource identifiers may render the iOS Wire Client completely unusable by causing it to repeatedly crash on launch. These malformed resource identifiers can be generated and...
CVE-2022-23625 DoS vulnerability: Malformed Resource Identifiers
Wire-ios is a messaging application using the Wire protocol on Apple's iOS platform. In versions prior to 3.95 malformed resource identifiers may render the iOS Wire Client completely unusable by causing it to repeatedly crash on launch. These malformed resource identifiers can be generated and...
CVE-2022-23625
CVE-2022-23625 affects Wire-ios on Apple iOS prior to version 3.95. Malformed resource identifiers can be generated and sent between Wire users, causing the iOS Wire Client to repeatedly crash on launch (DoS-like impact). The root cause is in the wire-ios-transport component, where code that remo...
The vulnerability of the USACBitstreamReader function in operating systems such as Mac OS, tvOS, iOS, iPadOS, and watchOS allows attackers to disclose protected information.
The vulnerability of the USACBitstreamReader function in operating systems such as Mac OS, tvOS, iOS, iPadOS, and watchOS is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow an attacker to disclose protected information...
Wire wire-ios data forgery issue vulnerability
Wire is a chat software by an individual developer. The program supports Web, Windows, iOS, Android, and OS X platforms, has a group feature, allows voice calls, sends photos, and its original way of saying hello, PING. A data forgery vulnerability exists in Wire wire-ios 3.8.0 and earlier versions...
Apple Exec Calls Level of Mac Malware ‘Unacceptable’
Apple is using the growing threat of malware on its Mac platform as a defense in a lawsuit that could force the company to open up new channels of applications for its mobile iOS platform. In testimony in a California court Wednesday, Apple head of software engineering, Craig Federighi called the...
Multiple vulnerabilities exist in operating systems such as Mac OS X, iOS, tvOS, the browser Safari, the multimedia player iTunes for Windows, and the iCloud service for Windows. These vulnerabilities involve the use of memory after it has been freed, allowing an attacker to execute arbitrary code.
Multiple vulnerabilities exist in operating systems such as Mac OS X, iOS, tvOS, the browser Safari, the multimedia player iTunes for Windows, and the iCloud service for Windows. These vulnerabilities are related to the use of memory after it is freed. Exploitation of these vulnerabilities could...
Mozilla Firefox Information Disclosure Vulnerability (CNVD-2020-41083)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in previous versions of Mozilla Firefox 26 for iOS-based platforms. An attacker could exploit the vulnerability to obtain a security token used for bridging...
The vulnerability of the rendering module in WebKit operating systems for iOS, tvOS, the multimedia player iTunes for Windows, the browser Safari, and the iCloud for Windows service allows a hacker to execute arbitrary code.
The vulnerability of the rendering module in WebKit operating systems for iOS, tvOS, the multimedia player iTunes for Windows, the browser Safari, and the iCloud for Windows service is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows a...
CVE-2019-8574
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. An application may be able to execute arbitrary code with system privileges...
iChain Insurance Wallet App for iOS Directory Traversal Vulnerability
iChain Insurance Wallet App for iOS is an e-wallet application based on the iOS platform. A directory traversal vulnerability exists in iChain Insurance Wallet App for iOS. A remote attacker can gain access to arbitrary files, such as those associated with an application on an iOS device...
Design/Logic Flaw
On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attack. ThreatMetrix is a security library for mobile applications, which aims to provide fraud preventi...
CVE-2018-10812
The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency initial keys, which allows local users to steal currency by leveraging root access to read /com.biepie/sharedprefs/com.bitpiepreferences.xml on Android or a plist file in the app data folder on iO...
Fatal vulnerability allows an attacker to bypass Apple's OTR signature verification and steal your iCloud keychain information
Background: While analyzing the sandbox-escape attack surface on the iOS platform, we discovered a serious security vulnerability in the OTR implementation of the iCloud keychain sync feature. The iCloud keychain sync feature allows users in a secure manner across the device to...
CVE-2017-5906
The Everyday Health Diabetes in Check: Blood Glucose & Carb Tracker app 3.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Heap buffer overflow in syslogd on the iOS/OS X platforms
No description provided by source...
niconico App for iOS fails to verify SSL server certificates
Overview: niconico App for iOS provided by DWANGO Co., Ltd. fails to verify SSL server certificates. AOKI Keiichi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: A man-in-the-middle attack may allow an attack...
HTTP Request Hijacking Attacks Threaten Mobile Apps
Thousands of mobile apps developed for the Apple iOS platform can be forced to display phony, even malicious content, because of a vulnerability that allows an attacker to redirect traffic to a third-party site and persistently serve content from that location. Researchers from Israeli mobile...