Over 2,000 scam apps discovered on App Store #iOS
-scan fingerprint to make in-app purchase
-some of them are still on App Store
-2 apps made around $400k in June alone
-list of 517 apps
https://appsexposed.home.blog/2019/08/02/app-store-a-safe-haven-for-scammers-500-apps-exposed/
AppsExposed
App Store: A safe haven for scammers (+500 apps exposed)
IMPORTANT UPDATE: This article was first published on Medium. But the scammers which we exposed below reported us and Medium without an explanation suspended our account. We lost all our research t…
How to dump and debug the bootrom (SecureROM) on demoted devices with Apple’s official tools. #iOS
1/ connect the cable using the correct Lightning orientation and launch astris
https://twitter.com/1nsane_dev/status/1177856941139337216?s=19
Twitter
Giulio Zompetti
@axi0mX’s #checkm8 is out and lets you debug your device (up to A11). But how is this done? Here is a little thread on dumping the bootrom (SecureROM) on demoted devices with Apple’s official tools. 1/ connect the cable using the correct Lightning orientation…
Jailbreaking – Checkra1n Configuration #iOS
https://aboutdfir.com/jailbreaking-checkra1n-configuration/
AboutDFIR - The Definitive Compendium Project
Jailbreaking - Checkra1n Configuration - AboutDFIR - The Definitive Compendium Project
In this installment, I felt that I should discuss how to use Checkra1n, and how to actually get into the device via 2 methods: localhost (tethered) and WiFi (untethered). This is not a blog to discuss how Checkra1n is doing, what it is doing, or what Checkm8…
An interesting vulnerability in the HockeyApp platform #Android #iOS #BugBounty
Leaked API key allowed:
-fetch internal employee contacts
-distribute #malware directly to devices of organization employees as internal app update
+PoC Metasploit scenario
https://www.allysonomalley.com/2020/01/06/saying-goodbye-to-my-favorite-5-minute-p1/
allysonomalley.com
Saying Goodbye to my Favorite 5 Minute P1
In this post, I’m going to reveal the fastest, easiest P1 that I’ve ever reported – multiple times! It’s the sort of oversight that seems so simple to avoid, but surprisingl…
How to develop and test secure #iOS apps + video demos #MASVS #MSTG
https://www.dropbox.com/sh/tsog4fwa3wg4rd9/AADuNKjtQNaliYSBjr28SevPa?dl=0
How to write an #iOS program that renders arbitrary strings to the #iPhone screen by directly modifying the framebuffer pixels https://link.medium.com/REb7yRhkn3
Medium
Exploring the iOS screen framebuffer– a kernel reversing experiment
It’s been over two years since I last published a blog, so I thought I’d give this another go in 2020 and kick it off by writing about an…
Fugu is the first open source jailbreak tool based on the checkm8 exploit #iOS
https://github.com/LinusHenze/Fugu
GitHub
GitHub - LinusHenze/Fugu: Fugu is the first open source jailbreak based on the checkm8 exploit
XPCSniffer dumps XPC information to a file and the console #iOS
https://github.com/evilpenguin/XPCSniffer
GitHub
GitHub - evilpenguin/XPCSniffer: Sniff XPC goodies on your iOS device.
Oversecured released an iOS app vulnerability scanner
iOS vulnerability list: https://oversecured.com/vulnerabilities#iOS
Vulnerable app: https://github.com/oversecured/ovia
Report: https://content.oversecured.com/oversecured_sample_report_ios.pdf
A Year in Review of 0-days Used In-the-Wild in 2021 by Google
In 2021 there were 7 #Android in-the-wild 0-days detected and disclosed:
- Qualcomm Adreno GPU driver (CVE-2020-11261, CVE-2021-1905, CVE-2021-1906)
- ARM Mali GPU driver (CVE-2021-28663, CVE-2021-28664)
- Upstream Linux kernel (CVE-2021-1048, CVE-2021-0920)
For the 5 total #iOS and macOS in-the-wild 0-days, they targeted 3 different attack surfaces:
- IOMobileFrameBuffer (CVE-2021-30807, CVE-2021-30883)
- XNU Kernel (CVE-2021-1782 & CVE-2021-30869)
- CoreGraphics (CVE-2021-30860)
- CommCenter (FORCEDENTRY sandbox escape - CVE requested, not yet assigned)
https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html
Blogspot
The More You Know, The More You Know You Don’t Know
A Year in Review of 0-days Used In-the-Wild in 2021 Posted by Maddie Stone, Google Project Zero This is our third annual year in rev...
Spyware vendor targets users in Italy and Kazakhstan #Android #iOS #Hermit
https://blog.google/threat-analysis-group/italian-spyware-vendor-targets-users-in-italy-and-kazakhstan/
Google
Spyware vendor targets users in Italy and Kazakhstan
Today, alongside Google’s Project Zero, we are detailing capabilities provided by RCS Labs, an Italian vendor that uses a combination of tactics, including atypical drive-by downloads as initial infection vectors to target mobile users on both iOS and Android.