32 matches found
Zerodium Offers $500K for Secure Messaging App Zero Days
Zerodium, a vendor operating in the nebulous exploit acquisition market, has put a premium on zero-day vulnerabilities in secure messaging applications in a new pricing structure announced today. Remote code execution and local privilege elevation zero days in messaging apps such as WhatsApp,...
needle - The iOS Security Testing Framework
Needle is an open source, modular framework to streamline the process of conducting security assessments of iOS apps. Description Assessing the security of an iOS application typically requires a plethora of tools, each developed for a specific need and all with different modes of operation and...
Error: "Untrusted Enterprise Developer" When Launching Secure Apps on iOS
Users who have upgraded their Apple devices to iOS 9 are unable to launch Secure Apps. The apps appear to be greyed out. When the user clicks on Secure Apps, the following error message is displayed: “Untrusted Enterprise Developer”. Users with older iOS versions are prompted to trust the...
Apple iOS 9.x < 9.1 Multiple Vulnerabilities
Apple iOS 9.x < 9.3 RCE
SideStepper iOS MDM Security Attack
Apple’s Developer Enterprise Program has been abused in the recent past to push malicious apps onto iOS devices, most notably with the WireLurker, XcodeGhost and YiSpecter attacks. In all three cases, attackers legitimately obtained certificates under the program, which is available to enterprise...
iOS song of ice and fire fan outside the post - App Hook the Q & A and iOS 9 bash shell-vulnerability warning-the black bar safety net
In the previous chapter we talked about App Hook on non-jailbroken iOS. Using this technique, you can achieve a variety of hook features on a non-jailbroken iOS system, e.g., automatically grabbing WeChat red envelopes, automatic chat robots, game plug-ins, etc. But because of...
Hackers WIN $1 Million Bounty for Remotely Hacking latest iOS 9 iPhone
Well, here's some terrible news for all Apple iOS users… Someone just found an iOS zero-day vulnerability that could allow an attacker to remotely hack your iPhone running the latest version of iOS, i.e. iOS 9. Yes, an unknown group of hackers has sold a zero-day vulnerability to Zerodium, a...
iOS core application design vulnerability that exposed the user's Apple ID credentials-vulnerability warning-the black bar safety net
Check Point warns that a core application in Apple iOS may expose user credentials. Fortunately, iOS 9 contains the relevant patch. The Apple ID is provided by the iOS operating system as a convenience, letting users manage their devices through an Apple ID. Now, iOS marke...
Untethered Jailbreak for iOS 9.0, 9.0.1 and 9.0.2 Released
The Chinese Pangu jailbreak team has once again surprised everyone by releasing the first untethered jailbreak tool for iOS 9 – iOS 9.0, iOS 9.0.1, and iOS 9.0.2. The untethered jailbreak is a jailbreak where your device doesn't require any reboot every time it connects to an external device capabl...
iOS 9 vulnerability: using Siri to bypass the lock screen to access private pictures and contacts-vulnerability warning-the black bar safety net
A hacker found a new, very simple method that uses Apple's personal assistant Siri to bypass the lock screen security mechanism of iOS devices running iOS 9 (iPhone, iPad, or iPod touch), letting an attacker, in 30 seconds or perhaps less, access the device's photos and contact...
iOS 9 Hack: How to Access Private Photos and Contacts Without a Passcode
Setting a passcode on your iPhone is the first line of defense to help prevent other people from accessing your device. However, it's pretty easy for anyone to access your personal photographs and contacts from your iPhone running iOS 9 in just 30 seconds or less, even with a passcode and/or Touc...
Zerodium Hosts Million-Dollar iOS 9 Bug Bounty
Exploit vendor Zerodium, a company started by VUPEN founder Chaouki Bekrar, today announced it will host a month-long million-dollar bug bounty focused on Apple iOS 9. Bekrar said in a statement there is a $3 million pool available for the bounty, which will close on Oct. 31 or earlier if the tot...
WIN $1 Million Bounty For Hacking the New iOS 9 iPhone
Good news for Hackers and Bug hunters! You can now WIN 1 Million Dollars for finding zero-day hacks for iPhones and iPads. Yes, $1,000,000.00 Reward. This Huge Bug Bounty is offered by the new Security firm Zerodium, a startup of the infamous French-based Security firm "VUPEN", who is well known f...
CVE-2015-5880
CoreAnimation in Apple iOS before 9 allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access via a crafted background app...
CVE-2015-5856
The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL...
Code injection
Apple iOS before 9 allows attackers to discover the e-mail address of a player via a crafted Game Center app...
Hardcoded credentials
The CFNetwork HTTPProtocol component in Apple iOS before 9 allows remote attackers to bypass the HSTS protection mechanism, and consequently obtain sensitive information, via a crafted URL...
CVE-2015-5842
XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors...
CVE-2015-5835
Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme...