CVE-2023-32290
The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server...
SUSE CVE-2017-2373
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and...
SUSE CVE-2018-4089
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial o...
PT-2022-27961 · Apple · Ios +1
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 16.2 iPadOS versions prior to 16.2 Description: The issue allows an app to potentially disclose kernel memory due to inadequate memory handling. This has been addressed with improved memory handling. Recommendations: For...
CVE-2021-20834
Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...
Code injection
wire-ios is the iOS version of Wire, an open-source secure messaging app. In wire-ios versions 3.8.0 and prior, a vulnerability exists that can cause a denial of service between users. If a user has an invalid assetID for their profile picture and it contains the " character, it will cause the iO...
Telegram Heap Buffer Overflow Vulnerability
Telegram is an instant messaging mobile application. A heap buffer overflow vulnerability exists in the custom derived VGradientCache::generateGradientColorTable function of the Rlottie library for Telegram Android version prior to 7.1.0 2090, iOS version prior to 7.1, and macOS version prior t...
Hot Pepper Gourmet App fails to restrict access permissions
Overview: Hot Pepper Gourmet App provided by Recruit Co., Ltd. implements the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive a request from an arbitrary App and execut...
Fingerprint authentication loophole exists in Traffic Control 12321 APP (iOS version)
Traffic control 12123 is the official client of the Internet traffic safety comprehensive service management platform, powered by the Ministry of Public Security's Institute of Traffic Management Science. There is a fingerprint authentication loophole in the Traffic Control 12321 APP iOS version,...
WARNING: Unpatched Bug in GO SMS Pro App Exposes Millions of Media Messages
GO SMS Pro, a popular messaging app for Android with over 100 million installs, has been found to have an unpatched security flaw that publicly exposes media transferred between users, including private voice messages, photos, and videos. "This means any sensitive media shared between users of th...
Mozilla Firefox Resource Management Error Vulnerability (CNVD-2020-46335)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in iOS-based Mozilla Firefox prior to version 28. The vulnerability can be exploited by an attacker with the help of a malicious page to cause users to download illegal...
DuckDuckGo Application Information Disclosure Vulnerability
DuckDuckGo application is a privacy web browser application for mobile by DuckDuckGo Inc. in the United States. A security vulnerability exists in DuckDuckGo application version 5.58.0 and earlier Android and version 7.47.1.0 and earlier iOS. The vulnerability stems from a configuration or other...
Unable to use bluetooth keyboard on Workspace for iPad
All iPad users updated through air watch to the new version of Workspace for iOS 20.6.0. After the upgrade the bluetooth keyboards they were using no longer pass through to published desktops...
Secure Apps / SecureWeb Supportability with WkWebview framework
WkWebView is not supported in the following scenarios: Devices running iOS 10 or earlier. Setups configured for Full VPN Mode. Setups running Endpoint Management integration with EMS/Intune. Apps that use two instances of the WKWebView component simultaneously. If you are already using the Full V...
CVE-2020-3874
An issue existed in the naming of screenshots. The issue was corrected with improved naming. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Screenshots of the Messages app may reveal additional message content...
CVE-2019-13667
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Signal Messenger Bug Lets Callers Auto-Connect Calls Without Receivers' Interaction
Almost every application contains security vulnerabilities, some of which you may find today, but others would remain invisible until someone else finds and exploits them—which is the harsh reality of cybersecurity and its current state. And when we say this, Signal Private Messenger—promoted as...
PT-2019-19147 · Apple +4 · Ios +5
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 13 Safari versions prior to 13 Description: A logic issue was addressed with improved state management. Processing maliciously crafted web content may lead to universal cross site scripting. Recommendations: For iOS...
Safari Webkit Proxy Object Type Confusion
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Safari Webkit Proxy Object Type Confusion', 'Description' = %q This module exploits a type confusion bug in the Javascript Proxy object in WebKit...
CVE-2018-4361
A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...