Lockscreen delay bypass in Firefox OS — Mozilla

Frederik Braun of Mozilla discovered a bug in the lockscreen state logic that allows an attacker to bypass the lockscreen delay. The delay was introduced to make it harder to brute-force the passcode lock of a Firefox OS device when an attacker has gained physical access. A successful attack woul...

Lockscreen passcode bypass due to race condition — Mozilla

Shally Li was first to report a race condition in the lockscreen of Firefox OS that can be used to bypass the passcode lock of a Firefox OS device. Under certain circumstances on a locked device, the user will be dropped directly to the homescreen instead of being presented with the passcode inpu...

Apple Patches 100+ Vulnerabilities in OS X, Safari, iOS

UPDATE Apple pushed out its latest operating system, El Capitan, yesterday, and while it boasts many security fixes, the update fails to address the outstanding vulnerability in Gatekeeper that came to light this week. The issue with Gatekeeper, as described yesterday by Patrick Wardle, the...

CVE-2015-3860

packages/Keyguard/res/layout/keyguardpasswordview.xml in Lockscreen in Android 5.x before 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate attackers to bypass intended access restrictions via a long password that triggers ...

Design/Logic Flaw

packages/Keyguard/res/layout/keyguardpasswordview.xml in Lockscreen in Android 5.x before 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate attackers to bypass intended access restrictions via a long password that triggers ...

CVE-2015-3860

packages/Keyguard/res/layout/keyguardpasswordview.xml in Lockscreen in Android 5.x before 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate attackers to bypass intended access restrictions via a long password that triggers ...

'The Hacker News' Weekly Roundup — 14 Most Popular Stories

To make the last week’s top cyber security threats and challenges available to you in one shot, we are once again here with our weekly round up. Last week, we came across lots of cyber security threats like the XCodeGhost malware in Apple’s App Store and lockscreen bypass bug in iOS 9 and iOS 9.0...

Latest iOS 9.0.1 Update Failed to Patch Lockscreen Bypass Hack

iOS 9.0.1 – Apple's first update to its new iOS 9 mobile operating system, came out on Wednesday, addressed several bugs in its software. However, unfortunately, it seems that the latest update iOS 9.0.1 doesn't fix the lock screen bypass vulnerability reported by iPhone user Jose Rodriguez. Yes,...

Android Lockscreen Bypass Security Patch

Boredom led John Gordon to discover a technique that bypassed the lockscreen on his Android device. By entering a long string of random characters into the password field after opening the phone’s camera app, Gordon said he was able to get to the home screen and eventually access anything stored ...

Android Settings Remove Device Locks (4.0-4.3)

This module exploits a bug in the Android 4.0 to 4.3 com.android.settings.ChooseLockGeneric class. Any unprivileged app can exploit this vulnerability to remove the lockscreen. A logic flaw / design error exists in the settings application that allows an Intent from any application to clear the...

SUSE SLED12 / SLES12 Security Update : gnome-settings-daemon (SUSE-SU-2015:0515-1)

gnome-settings-daemon was updated to fix a bug and a security issue : Security issue fixed : - CVE-2014-7300: The lockscreen can be bypassed with the Print Screen button. Bug fixed : - Do not hide the cursor while there was no mutter running bsc905158. Note that Tenable Network Security has...

SUSE-SU-2015:0515-1 Security update for gnome-settings-daemon

gnome-settings-daemon was updated to fix a bug and a security issue: Security issue fixed: - CVE-2014-7300: The lockscreen can be bypassed with the Print Screen button. Bug fixed: - Do not hide the cursor while there was no mutter running bsc905158...

DEBIAN-CVE-2013-4509

The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen...

CVE-2013-4509

The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen...

CVE-2013-4509

The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen...

PT-2013-5049 · Gnome +2 · Gnome +2

Name of the Vulnerable Software and Affected Versions: IBUS versions 1.5.2 through 1.5.4 Description: The default configuration of IBUS, when used with GNOME 3 and IBus.InputPurpose.PASSWORD is not set, does not obscure the entered password characters. This allows physically proximate attackers t...

iPhone Fingerprint scanner hack allows attacker to hijack Apple ID using Flight Mode

A German security firm SRL claims a vulnerability in Touch ID Fingerprint Scanner and iCloud allows a hacker to access a locked device and potentially gain control over an owner's Apple ID. SRL points out that Airplane mode can be enabled on a stolen phone from the lockscreen, which turns off...

iPhone Fingerprint scanner hack allows attacker to hijack Apple ID using Flight Mode

A German security firm SRL claims a vulnerability in Touch ID Fingerprint Scanner and iCloud allows a hacker to access a locked device and potentially gain control over an owner’s Apple ID. SRL points out that Airplane mode can be enabled on a stolen phone from the lockscreen, which turns off...

Another iPhone lockscreen bypass vulnerability found in iOS 7.02

Here we go again! Earlier this week, Apple released iOS 7.0.2 just to fix some Lockscreen bugs in iOS 7 and but a researcher has found a new Lockscreen bug in new iOS 7.0.2. This new Lockscreen bug is found by Dany Lisiansky, and he uploaded a proof of concept video on YouTube with the complete...

Another iPhone lockscreen bypass vulnerability found in iOS 7.02

Here we go again! Earlier this week, Apple released iOS 7.0.2 just to fix some Lockscreen bugs in iOS 7 and but a researcher has found a new Lockscreen bug in new iOS 7.0.2. This new Lockscreen bug is found by Dany Lisiansky, and he uploaded a proof of concept video on YouTube with the complete...