15 matches found
Apple Touch ID Flaw Could Have Let Attackers Hijack iCloud Accounts
Apple earlier this year fixed a security vulnerability in iOS and macOS that could have potentially allowed an attacker to gain unauthorized access to a user's iCloud account. Uncovered in February by Thijs Alkemade, a security specialist at IT security firm Computest, the flaw resided in Apple's...
Objection v1.6.6 - Runtime Mobile Exploration
objection is a runtime mobile exploration toolkit, powered by Frida. It was built with the aim of helping assess mobile applications and their security posture without the need for a jailbroken or rooted mobile device. Note: This is not some form of jailbreak / root bypass. By using objection, yo...
iOS Fitness Apps Robbing Money From Apple Victims
Two apps that were posing as fitness-tracking tools were actually using Apple’s Touch ID feature to loot money from unassuming iOS victims. The two impacted apps were the “Fitness Balance App” and “Calories Tracker App.” Both apps looked normal, and served functions like calculating BMI, tracking...
CVE-2018-13434
An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The LAContext class for Biometric TouchID validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSecAccessControlUserPresence protection mechanism is not used. ...
Authentication flaw
DISPUTED An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The LAContext class for Biometric TouchID validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSecAccessControlUserPresence protection mechanism is n...
CVE-2018-13434
CVE-2018-13434 affects the LINE iOS app (version 8.8.0). The vulnerability stems from the LAContext biometric validation path, where bypass is possible because the kSecAccessControlUserPresence protection is not used, allowing authentication with an arbitrary fingerprint. The issue enables a loca...
CVE-2018-13434
An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The LAContext class for Biometric TouchID validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSecAccessControlUserPresence protection mechanism is not used. ...
CVE-2018-12271
An issue was discovered in the com.getdropbox.Dropbox app 100.2 for iOS. The LAContext class for Biometric TouchID validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSecAccessControlUserPresence protection mechanism is not used. In...
Authentication flaw
DISPUTED An issue was discovered in the com.getdropbox.Dropbox app 100.2 for iOS. The LAContext class for Biometric TouchID validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSecAccessControlUserPresence protection mechanism is not...
CVE-2018-12271
Affected software: com.getdropbox.Dropbox app for iOS, version 100.2. Root cause: The LAContext Biometric (TouchID) validation can be bypassed by overriding the LAContext return value to true because kSecAccessControlUserPresence is not used. This enables authentication with an arbitrary fingerpr...
Dropbox: Bypass Local Authentication (TouchID)
This report describes an attack to bypass TouchID in the Dropbox Mobile iOS application on jailbroken iOS devices. Dropbox doesn’t consider jailbroken devices in scope for our bounty program...
Runtime Mobile Exploration: objection
objection is a runtime mobile exploration toolkit, powered by Frida. It was built with the aim of helping assess mobile applications and their security posture without the need for a jailbroken or rooted mobile device. The project’s name quite literally explains the approach as well, whereby...
Passcode Bypass Bug and Email Attachment Encryption Plague iOS 7.1.1
Another iPhone passcode bypass is making the rounds this week that reportedly allows users to trick Siri into skirting around the device’s usual lockscreen to view, edit and call any of the phone’s contacts. The flaw apparently affects the most recent iOS build, 7.1.1 and allows the bypass of bot...
Finally, iPhone's Fingerprint Scanner 'TouchID' hacked first by German Hackers
Apple has marketed TouchID both as a convenience and as a security feature. "Your fingerprint is one of the best passwords in the world," says an Apple promotional video. A European hacker group has announced a simple, replicable method for spoofing Apple's TouchID fingerprint authentication...
Finally, iPhone's Fingerprint Scanner 'TouchID' hacked first by German Hackers
Apple has marketed TouchID both as a convenience and as a security feature. “Your fingerprint is one of the best passwords in the world,” says an Apple promotional video. A European hacker group has announced a simple, replicable method for spoofing Apple’s TouchID fingerprint authentication...