Objection v1.6.6 - Runtime Mobile Exploration

objection is a runtime mobile exploration toolkit, powered by Frida. It was built with the aim of helping assess mobile applications and their security posture without the need for a jailbroken or rooted mobile device. Note: This is not some form of jailbreak / root bypass. By using objection, yo...

CVE-2018-13434

An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The LAContext class for Biometric TouchID validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSecAccessControlUserPresence protection mechanism is not used. ...

Authentication flaw

DISPUTED An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The LAContext class for Biometric TouchID validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSecAccessControlUserPresence protection mechanism is n...

Dropbox: Bypass Local Authentication (TouchID)

​​This report describes an attack to bypass TouchID in the Dropbox Mobile iOS application on jailbroken iOS devices. Dropbox doesn’t consider jailbroken devices in scope for our bounty program...