iOS Mail bug allows remote zero-click attacks
On Monday, ZecOps released a report about a couple of concerning vulnerabilities with the Mail app in iOS. These vulnerabilities would allow an attacker to execute arbitrary code in the Mail app or the maild process that assists the Mail app behind the scenes. Most concerning, though, is the fact th...
Windows 10 Mount Point Mitigation & MS15-090 bypass - vulnerability warning - the black bar safety net
A brief background on symbolic link vulnerabilities: symbolic links are one of the key mechanisms in Microsoft Windows. Object and registry symbolic links were introduced in Windows NT 3.1, and starting with Windows 2000 Microsoft also introduced the NTFS Mount Point and Directory...
Apple iOS 6.x < 6.1.6 'SSLVerifySignedServerKeyExchange' Certificate Validation Weakness
Binary data appleios616check.nbin...
Apple Safari Vulnerable to Buffer Overflow Exploit
Packet Storm made public today a proof-of-concept exploiting a known and patched heap buffer overflow vulnerability in Apple’s Safari browser. Packet Storm acquired the details of the exploit, which affects Safari version 6.0.1 and possibly earlier versions as well for iOS 6 and OS X 10.7 and 10....
Apple to Fix Malicious Fake USB Charger Flaw
Apple claims it will fix a previously disclosed flaw in the current iteration of its mobile operating system, iOS 6, that can allow hackers complete access to an iPhone or iPad via a fake USB charger. Reuters confirmed the impending fix Wednesday after speaking with Apple spokesman Tom Neumayr at...
CVE-2013-4616
The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack th...
Design/Logic Flaw
The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack th...
Apple Sets May 1 End Date for Apps that Want UDIDs
Apple has implemented a deadline for when it will reject apps that access devices’ unique device identifier numbers, or UDIDs. Apple has been phasing out the 40-character string of letters and numbers over the last year, yet according to a post on Apple’s Developers site yesterday, this appears t...
Etsy for iPhone loophole allows attacker to hijack Accounts
Mohamed Ramadan from Attack-Secure discovered a critical vulnerability in Etsy's iPhone application. Etsy is a social commerce website focused on handmade or vintage items as well as art and craft supplies. Any attacker on the same network can sniff traffic including user password invisibly witho...
APPLE-SA-2012-09-19-1 iOS 6
APPLE-SA-2012-09-19-1 iOS 6. iOS 6 is now available and addresses the following: CFNetwork. Available for: iPhone 3GS and later, iPod touch 4th generation and later, iPad 2 and later. Impact: Visiting a maliciously crafted website may lead to the...
As iPhone 5 Launches, Hackers Explain Journey to Working Exploit on iOS 6
With tens of thousands camped in line today waiting for the Apple iPhone 5, hackers have already had their hands on the core iOS 6 operating system for some time. Two Dutch hackers managed to successfully beat Apple’s sturdy protections in place, and this week at the EUSecWest conference in...
CVE-2012-3746
UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem...
CVE-2012-3732
Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity...
Tightened Security, Regulated App Permissions in Store for iOS 6
In a move that will patch several loopholes with its iPhone, the newest iteration of Apple’s mobile operating system, iOS 6, will come with heightened security, it was revealed at the company’s Worldwide Developers Conference (WWDC) this week. Releasing this fall but currently available in beta, iO...
Are You 'Siri-less'? Security Firm Urges Closer Look at Popular Personal Assistant App
The Finland-based security firm F-Secure is warning companies to beware of Siri, the voice-activated personal assistant app that last month was banned by IBM for security purposes. The potential for Siri-based data disclosures was cited at a Helsinki press conference, in which F-Secure’s vice...