Apple iOS LinkPresentation UI fraud vulnerability
Apple iOS is an operating system developed by Apple for its mobile devices. LinkPresentation is one of the presentation display components. A security vulnerability exists in the handling of URLs in the LinkPresentation component in Apple iOS versions prior to 11.3.1. The vulnerability can be...
Phishing Spy Campaign Targets Top Mideast Officials
Researchers have discovered a phishing campaign that infected Android devices with custom surveillance-ware bent on extracting data from top officials, primarily in the Middle East. Researchers at Lookout Security told Threatpost that the tool, dubbed Stealth Mango, has been used to collect over ...
Text messages and the Bitcoin Code: follow the money trail
I was a bit surprised to receive lots of messages similar to the one below this past week: I mean, we've all done it—managed a bulk text spam campaign offering free Bitcoins in your spare time, while completely forgetting said business exists. Maybe I did it in my sleep? It's all gone a bit Fight...
Eavesdropper Vulnerability Exposes Mobile Call, Text Data
UPDATE Mobile app developers who code using the Twilio cloud-based platform and are forgetful about removing their hardcoded credentials have put businesses' messaging data at risk for exposure. The so-called Eavesdropper vulnerability, disclosed today by Appthority, has been around since 2011 and...
Denial of Service Vulnerability in DZF App
DZF APP is an investment platform that focuses on providing online financial services. A denial-of-service vulnerability exists in DZF APP because the program fails to limit the number of times SMS can be sent; an attacker can consume server resources and cause a denial of service by sending unlimite...
outis - Custom Remote Administration Tool (RAT)
outis is a custom Remote Administration Tool (RAT) or something like that. Think Meterpreter or Empire-Agent. However, the focus of this tool is neither an exploit toolkit (there are no exploits) nor persistent management of targets. The focus is to communicate between server and target system and to...
Bonanza Mall App Registry has SMS Bombing Double Verification Vulnerability
Bonanza Mall APP is a shopping software. There is an SMS bombing double verification vulnerability in the registration of Bonong Mall APP. An attacker can exploit this vulnerability to replay packets sending verification codes without restriction and bombard the client with SMS messages...
Design/Logic Flaw
Samsung SM-G920F build G920FXXU2COH2 Galaxy S6, SM-N9005 build N9005XXUGBOK6 Galaxy Note 3, GT-I9192 build I9192XXUBNB1 Galaxy S4 mini, GT-I9195 build I9195XXUCOL1 Galaxy S4 mini LTE, and GT-I9505 build I9505XXUHOJ2 Galaxy S4 devices have unintended availability of the modem in USB configuration...
Apple iOS/tvOS/macOS/watchOS Denial of Service Vulnerability (CNVD-2017-04933)
iOS is a mobile operating system developed by Apple Inc. First announced at Macworld on January 9, 2007, it was initially designed for use with the iPhone, and has since been applied to the iPod touch, iPad, and Apple TV. tvOS is an Apple-developed system based on iOS. tvOS is the operating syste...
Mobile Ad Hoc Mesh Network: Serval Mesh
Serval Mesh is a mobile ad hoc mesh network. It is free software that allows smartphones to communicate, even in the face of catastrophic failure of cellular networks. Serval Mesh allows people to make voice calls, send text messages and share files with other Serval Mesh users, without requiring...
CVE-2017-2452
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to read text messages on the lock screen via unspecified vectors...
CVE-2017-2461
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service resource consumption...
Design/Logic Flaw
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to read text messages on the lock screen via unspecified vectors...
CVE-2017-2452
CVE-2017-2452 (Apple iOS Siri lock-screen disclosure) Affected product: Apple iOS prior to 10.3. Vulnerability in the Siri component could allow a physically proximate attacker to read text messages on the lock screen. The issue stems from insufficient locking/state handling, enabling access to m...
Apple iOS Siri Component Information Disclosure Vulnerability
Apple iOS is an operating system developed by Apple Inc. for mobile devices, of which Siri is a voice control component. A security vulnerability exists in the Siri component in Apple iOS versions prior to 10.3. The vulnerability can be exploited by an attacker to obtain the content of a text...
Google Eliminates Android Adfraud Botnet Chamois
Google removed a handful of malicious apps from its Play marketplace recently that were found manipulating ad traffic, sending premium text messages, and downloading additional plugins. Bernhard Grill, Megan Ruthven, and Xin Zhao, security software engineers with the company, said Monday they...
Color Text Messages - Customized SSL, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Color Text Messages published at the 'play' market has multiple vulnerabilities...
CVE-2016-10139
An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The two package names involved in the exfiltration are com.adups.fota and com.adups.fota.sysoper. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of...