12 matches found
CVE-2026-46486
MVT Mobile Verification Toolkit helps with conducting forensics of mobile devices in order to find signs of a potential compromise. Prior to version 2026.5.12, there is a path traversal vulnerability via unsanitized File identifiers in iOS Backup processing. This issue has been patched in version...
EUVD-2026-35186
MVT Mobile Verification Toolkit helps with conducting forensics of mobile devices in order to find signs of a potential compromise. Prior to version 2026.5.12, there is a path traversal vulnerability via unsanitized File identifiers in iOS Backup processing. This issue has been patched in version...
CVE-2026-46486 Mobile Verification Toolkit (MVT): Path Traversal via unsanitized File identifiers in iOS Backup processing
MVT Mobile Verification Toolkit helps with conducting forensics of mobile devices in order to find signs of a potential compromise. Prior to version 2026.5.12, there is a path traversal vulnerability via unsanitized File identifiers in iOS Backup processing. This issue has been patched in version...
CVE-2026-46486
MVT Mobile Verification Toolkit helps with conducting forensics of mobile devices in order to find signs of a potential compromise. Prior to version 2026.5.12, there is a path traversal vulnerability via unsanitized File identifiers in iOS Backup processing. This issue has been patched in version...
CVE-2026-46486
MVT (Mobile Verification Toolkit) has a path traversal vulnerability in iOS Backup processing due to unsanitized file identifiers. The fileID field from Manifest.db is used directly in path construction in two code paths: mvt-ios decrypt-backup (read/write paths) and mvt-ios check-backup (get bac...
CVE-2026-46486 Mobile Verification Toolkit (MVT): Path Traversal via unsanitized File identifiers in iOS Backup processing
MVT Mobile Verification Toolkit helps with conducting forensics of mobile devices in order to find signs of a potential compromise. Prior to version 2026.5.12, there is a path traversal vulnerability via unsanitized File identifiers in iOS Backup processing. This issue has been patched in version...
How to catch a wild triangle
In the beginning of 2023, thanks to our Kaspersky Unified Monitoring and Analysis Platform KUMA SIEM system, we noticed suspicious network activity that turned out to be an ongoing attack targeting the iPhones and iPads of our colleagues. The moment we understood that there was a clear pattern in...
inDrive: the domain is truck-admin.eu-east-1.indriverapp.com and Enter the management system of the blasting mobile phone verification code
Vulnerability description not provided...
Fake Fortnite for Android links found on YouTube
The extremely popular video game Fortnite is coming to Android sometime this summer, and the fanbase is going wild. Not surprisingly, mobile malware developers are taking advantage. Already, there are several videos on YouTube with links claiming to be versions of Fortnite for Android, despite th...
Fast Breakfast App Has Design Flaw Vulnerability
Fast Breakfast App is a mobile service that can help you buy breakfast. Fast Breakfast APP has a flawed mobile verification code design vulnerability, allowing attackers to exploit the vulnerability to register any cell phone number...
X (Formerly Twitter): BROKEN AUTHENTICATION IN MOBILE VERIFICATION
Hey Team this is geekboy : this report is about broken authentication in mobile section . Description : when user want to add any mobile number to his account , he will go mobile section and twitter will ask the user to select the country and enter the mobile number . so when testing i entered th...
ShopEx商家用户中心任意用户密码重置
简要描述: 客户有个shopex的站点,看到未获得授权,便登录用户中心,结果..... 详细说明: 在找回密码中选择手机找回,输入手机号获取验证码。 2.然后获取验证码,这时候自动跳转到下一步鸟. 3.奇葩的一面出现鸟,由于没有手机收验证码,我随手输入了几个字符,结果大跌眼镜,直接跳到新密码页面、 4.邪恶了下,改密码后就登录成功鸟. 经测试chrome未能复现 使用IE测试可复现 漏洞证明: 登录成功鸟.... 要利用这个必须知道网站所有者的手机号码,不过现在中小电商都留的是自己的手机号...