EUVD-2021-29097

Malicious code in bioql PyPI...

How to load unsigned or fake-signed apps on iOS

TL;DR Issues commonly arise when clients provide an application which is unsigned or does not meet device requirements. Installing an application can be challenging without a Mac, access to Xcode or if the client is having trouble signing the application manually as this is normally done by the a...

New TrollStore Tool Permanently Installs Apps on Non-Jailbroken iOS Devices

By Waqas TrollStore does not work on anything above iOS 15.5, and beta 4, not on iOS 15.5, not on version 15.6, and not on iOS 16. This is a post from HackRead.com Read the original post: New TrollStore Tool Permanently Installs Apps on Non-Jailbroken iOS Devices...

CVE-2021-42111

An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed on a jailbroken device, it is possible to retrieve the PIN code used to access the application. The IOS app version 1.4.1631262629 resolves this issue by storing a hash PIN code...

CVE-2020-35208

An issue was discovered in the LogMein LastPass Password Manager aka com.lastpass.ilastpass app 4.8.11.2403 for iOS. The password authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. In other words, an attacker could authentica...

Authentication flaw

An issue was discovered in the LogMein LastPass Password Manager aka com.lastpass.ilastpass app 4.8.11.2403 for iOS. The password authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. In other words, an attacker could authentica...

Authentication flaw

An issue was discovered in the LogMein LastPass Password Manager aka com.lastpass.ilastpass app 4.8.11.2403 for iOS. The PIN authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. In other words, an attacker could authenticate wi...

Apple will now pay hackers up to $1 million for reporting vulnerabilities

Apple has just updated the rules of its bug bounty program by announcing a few major changes during a briefing at the annual Black Hat security conference yesterday. One of the most attractive updates is… Apple has enormously increased the maximum reward for its bug bounty program from $200,000 t...

Latest FinSpy Modules Lift Data from Secure Messaging Apps

The latest iOS and Android versions of the FinSpy espionage malware have been deployed in the wild, and are capable of collecting a raft of personal information such as contacts, SMS/MMS messages, emails, calendars, GPS location, photos, files in memory, phone call recordings and data – even from...

New FinSpy iOS and Android implants revealed ITW

Updated: 23.07.2019 After publication of this article, we received a letter from a representative of Gamma Group International Ltd. stating that they disposed of all interests in FinFisher FinSpy in 2013. This article has been corrected in accordance with this new information. According to...

CVE-2018-13434

An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The LAContext class for Biometric TouchID validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSecAccessControlUserPresence protection mechanism is not used. ...

PT-2018-11821 · Line · Line

Name of the Vulnerable Software and Affected Versions: LINE application version 8.8.0 for iOS Description: An issue in the LINE application allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSecAccessControlUserPresence protection mechanism is...

Trojan Exploits Apple DRM Flaw And Can Plant Malware On Non-Jailbroken iOS Devices

Apple iOS devices are in the crosshairs of another malware attack that has already infected an estimated six million non-jailbroken iOS devices in China, according to researchers. Palo Alto Networks found the new malware called AceDeceiver that infects iOS devices via Windows PCs and which...

Espionage Campaign targets iOS devices with Malware apps

A malware campaign has been found targeting iOS devices linked to a wide range of entities, including European defense organizations, governments, and media sectors with dangerous espionage spyware capable of breaching non-jailbroken devices, a recent report claims. The spyware campaign, dubbed...

Your Facebook credentials at risk on Android - iOS jailbroken devices

Your Facebook credentials at risk on Android - iOS jailbroken devices Facebook allows its authentication credentials to be stored in plain text within the Apple iOS version of its mobile app, allowing an attacker complete control over your Facebook account if he knows where to look. Security...

Most advanced and dangerous malware for Apple products - why you should be concerned !

Most advanced and dangerous malware for Apple products - Why you should be concerned ! Indian security researcher from MalCon has created an advanced and dangerous malware for Apple products which can not only compromize your privacy but also steal important data and let hackers control your...

Most advanced and dangerous malware for Apple products - why you should be concerned !

Most advanced and dangerous malware for Apple products - Why you should be concerned ! Indian security researcher from MalCon has created an advanced and dangerous malware for Apple products which can not only compromize your privacy but also steal important data and let hackers control your...