WordPress plugin App Builder – Create Native Android & iOS Apps On The Flight Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension that can ...
CVE-2021-28653
The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware...
EUVD-2020-23827
Malware in sbrugna...
EUVD-2021-15322
Malware in sbrugna...
EUVD-2022-41768
Malicious code in bioql PyPI...
Over 40,000 iOS Apps Found Exploiting Private Entitlements, Zimperium
A new report from Zimperium is alerting users about growing threats facing iOS devices, particularly those tied to…...
Take my money: OCR crypto stealers in Google Play and App Store
Update 07.02.2025: Google removed malicious apps from Google Play. Update 06.02.2025: Apple removed malicious apps from the App Store. In March 2023, researchers at ESET discovered malware implants embedded into various messaging app mods. Some of these scanned users' image galleries in search of...
CVE-2024-12402
CVE-2024-12402 impacts the Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress. The root cause is insecure direct object reference: the plugin does not properly validate a user’s identity before password updates in update_user_profile(), enabling unauthenticate...
PT-2024-5208
Name of the Vulnerable Software and Affected Versions: CocoaPods affected versions not specified Description: The issue is related to the CocoaPods dependency manager, specifically affecting older pods that migrated from the pre-2014 pull request workflow to trunk. If a pod had never been claimed...
[SECURITY] Fedora 38 Update: mvfst-2023.10.16.00-1.fc38
mvfst (pronounced "move fast") is a client and server implementation of the IETF QUIC protocol in C++ by Facebook. QUIC is a UDP-based reliable, multiplexed transport protocol that will become an internet standard. The goal of mvfst is to build a performant implementation of the QUIC transport protocol...
CVE-2022-39255
Summary (CVE-2022-39255): The Matrix iOS SDK (prior to 0.23.19) is vulnerable to protocol confusion between Megolm and Olm for to-device messages. An attacker collaborating with a malicious homeserver can craft messages that appear to come from another user, enabling impersonation and targeted at...
Spying on the spies. See what JavaScript commands get injected by in-app browsers
Developer and privacy expert Felix Krause aka KrauseFx announced this week that he had introduced a simple tool to list the JavaScript commands executed by iOS apps when they deployed an in-app web browser to render webpages. He already shared some eye-opening results on his Twitter feed. By...
Fuzzing iOS code on macOS at native speed
Or how iOS apps on macOS work under the hood Posted by Samuel Groß, Project Zero This short post explains how code compiled for iOS can be run natively on Apple Silicon Macs. With the introduction of Apple Silicon Macs, Apple also made it possible to run iOS apps natively on these Macs. This is...
Malicious SDK found spying & defrauding users through iOS apps
By Deeba Ahmed The malicious SDK is distributed by China-based firm Mintegral. This is a post from HackRead.com Read the original post: Malicious SDK found spying & defrauding users through iOS apps...
This Week in Security News: Trend Micro Acquires Cloud Conformity and Apple Removes Malicious iOS Apps from App Store
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about Trend Micro’s recent acquisition of Cloud Conformity. Also, read about a fake photo editing app on Google Play and the 17...
Vulnerable Twitter API Leaves Tens of Thousands of iOS Apps Open to Attacks
Researchers are warning that an old Twitter API still used by popular iOS mobile apps could be abused as part of a man-in-the-middle attack. It could be used to hijack Twitter accounts and compromise other third-party apps that are linked to the same “login with Twitter” feature. According t...
Apple will let users run iOS apps on macOS
Apple is making it easier for mobile developers to port their iOS apps to the next-generation macOS Mojave desktop platform—a major step in bringing the two platforms closer together. However, at the same time, the company straightforwardly denied the idea of merging the iPhone and Mac operating...
XenMobile MDX Service
You can use the XenMobile MDX Service to prepare iOS and Android mobile apps by wrapping the apps with MDX, an app container technology. You then manage the apps with XenMobile. You can use the XenMobile MDX Service to wrap apps created within your organization or to wrap the Citrix XenMobile App...
Popular iOS Apps Vulnerable to TLS Interception Attacks
Dozens of iOS mobile banking, medical and other applications handling sensitive user information are vulnerable to man-in-the-middle attacks where TLS traffic can be intercepted. Of the 76 apps analyzed by Sudo Security Group, 19 are considered high-risk where financial or medical credentials, or...
iBackDoor: suspected backdoor affecting iOS apps, high-risk code warning - the black bar safety net
Recently, FireEye Mobile Security researchers discovered suspected “backdoor” behavior in the mobiSage advertising library embedded in iOS apps, and these applications are from the App Store. The researchers called the potential backdoor iBackDoor, allowing hackers...