CVE-2023-39337 - MobileConfig profile download authentication bypass

Last Modified Date Dec 11, 2023 2:11:27 PM...

CVE-2020-36621 chedabob whatismyudid mobileconfig.js exports.enrollment cross site scripting

A vulnerability, which was classified as problematic, has been found in chedabob whatismyudid. Affected by this issue is the function exports.enrollment of the file routes/mobileconfig.js. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch i...

Fake iOS Jailbreak Site Lures in Apple Users

Bad actors are taking advantage of a recently-disclosed iOS bug with a fake website claiming to give iPhone users the ability to jailbreak their phones. In reality, researchers warn, the site ultimately enables attackers to conduct click fraud. A jailbreak, a method to escape Apple’s limitations ...

Xenmobile Certificate based authentication--Unable to push VPN policy to iOS device.

Error : In the software inventory for the device we can see the error “Could not create mobilecofig ” Server logs 2017-02-24T10:35:05.236+0100 | | INFO | http-nio-10080-exec-72 | com.sparus.nps.apple.push.ApplePush | Installing profile /cfg/VPNtest on device 522. 2017-02-24T10:35:05.298+0100 |...

Apple iPhone cryptographic weakness

Certificate key usage is not checked during validation of .mobileconfig wireless autoconfiguration file...

iPhone certificate flaws

iPhones can be configured over the air by inviting users to download .mobileconfig files from a URL. This feature is used by large companies and universities to distribute various settings to a large number of iPhones. For security reasons, these files need to be cryptographically signed to be...