10953 matches found
July 10, 2018—KB4338819 (OS Build 17134.165)
July 10, 2018—KB4338819 (OS Build 17134.165). Note: This release also contains updates for Microsoft HoloLens (OS Build 17134.165) released July 10, 2018. Improvements and fixes: This update includes quality improvements. No new operating system features are being introduced in this update. Key changes...
Security Bulletin: IBM Mobile Foundation, IBM Worklight, and IBM Worklight Foundation are affected by the following Apache Cordova vulnerabilities: CVE-2014-3500, CVE-2014-3501 and CVE-2014-3502
Summary: Apache Cordova, which is used by these products, is vulnerable to Cross-Application Scripting (XAS) and Data Exfiltration vulnerabilities. A remote attacker might exploit these vulnerabilities to expose sensitive data from the mobile application. Vulnerability Details: CVEID: CVE-2014-3500...
Pwn2Own Huawei HiApp vulnerability principle and the use of analysis of under-vulnerability warning-the black bar safety net
0x01 Preface Pwn2Own Huawei HiApp vulnerability principle and the use of the analysis on Reading this article is the basis for understanding previous attacks construct the link. 0x02 vulnerability analysis I don't know if the attentive classmates found in my article analysis article left in the eg...
ReverseAPK - Quickly Analyze And Reverse Engineer Android Packages
Quickly analyze and reverse engineer Android applications. FEATURES: Displays all extracted files for easy reference Automatically decompile APK files to Java and Smali format Analyze AndroidManifest.xml for common vulnerabilities and behavior Static source code analysis for common vulnerabilitie...
Yosoro 1.0.4 Remote Code Execution
Exploit title: Yosoro 1.0.4 - Remote Code Execution Date: 2018-05-29 Exploit Author: Carlo Pelliccioni Vendor homepage: https://yosoro.coolecho.net/ Software link: https://github.com/IceEnd/Yosoro/releases/download/v1.0.4/Yosoro-darwin-x64-1.0.4.zip Version: 1.0.4 Tested on: MacOS 10.13.4 CVE:...
Yosoro 1.0.4 - Remote Code Execution
Exploit title: Yosoro 1.0.4 - Remote Code Execution Date: 2018-05-29 Exploit Author: Carlo Pelliccioni Vendor homepage: https://yosoro.coolecho.net/ Software link: https://github.com/IceEnd/Yosoro/releases/download/v1.0.4/Yosoro-darwin-x64-1.0.4.zip Version: 1.0.4 Tested on: MacOS 10.13.4 CVE:...
Simple bug could lead to RCE flaw on apps built with Electron Framework
A critical remote code execution vulnerability has been discovered in the popular Electron web application framework that could allow attackers to execute malicious code on victims' computers. Electron is an open source app development framework that powers thousands of widely-used desktop...
Coinbase - Buy Bitcoin & more. Secure Wallet. - WebView SSL handling enabled, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Coinbase - Buy Bitcoin & more. Secure Wallet. published at the 'play' market has multiple vulnerabilities...
GHSA-8XWG-WV7V-4VQP Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration
A vulnerability has been discovered which allows Node.js integration to be re-enabled in some Electron applications that disable it. For the application to be impacted by this vulnerability it must meet all of these conditions - Runs on Electron 1.7, 1.8, or a 2.0.0-beta - Allows execution of...
Zomato: [Zomato Android/iOS] Theft of user session
Hi, I'd like to report a bug which allows theft of user data even without installing third-party apps. Activity xml is exported, and can be accessed by browser. When any WebView in a client app, or a browser meets a zomato://etc URL it will automatically launch Zomato app. File...
WondrGo - Event discovery made easy - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application WondrGo - Event discovery made easy published at the 'play' market has multiple vulnerabilities...
Eidoo - BSD license, MIT license, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Eidoo published at the 'play' market has multiple vulnerabilities...
Solitaire TriPeaks - Exported ContentProvider, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Solitaire TriPeaks published at the 'play' market has multiple vulnerabilities...
eXpimal free - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application eXpimal free published at the 'play' market has multiple vulnerabilities...
Cross-domain high-risk vulnerability in WebView component for iOS platforms
WebView is an iOS control for displaying web pages, which is based on the WebKit engine and presents a web page. In addition to the properties and settings of a typical View, WebView controls can handle URL requests, page loading, rendering, and page interactions. The iOS platform WebView componen...
МТС Банк - Customized SSL, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application МТС Банк published at the 'play' market has multiple vulnerabilities...
Cheap International Calls & Low Cost Roaming - Customized SSL, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Cheap International Calls & Low Cost Roaming published at the 'play' market has multiple vulnerabilities...
My Telekom - Hardcoded secrets, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application My Telekom published at the 'play' market has multiple vulnerabilities...
BVG FahrInfo Plus - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application BVG FahrInfo Plus published at the 'play' market has multiple vulnerabilities...
Booking.com Hotels & Vacation Rentals - Hardcoded secrets, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Booking.com Hotels & Vacation Rentals published at the 'play' market has multiple vulnerabilities...