Friday, December 18, 2015
Vulnerabilities in Android Update Make All Android Devices Vulnerable
Android upgrade mechanism brings to light a whole new set of
iOS Application Security Part 39 – Sensitive information in memory | mSeclabs Mobile Security
In this article, we will look at analyzing the memory contents of an iOS
application. iOS applications may store sensitive information like
passwords, session IDs etc in the memory of the application without
releasing them. In some cases, releasing these variables may not be an
option. For e.g, it might be required for the application to send an
authentication token with every request and hence there has to be a
reference to it in the memory somewhere. Even though these variables
might be encrypted when stored locally in the application, these
variables will be in their unencryped format while the application is
running. Hence, analyzing the contents of the memory is an important
thing while pentesting an iOS application. If there are some important
properties or instance variables that are not required, they should be
released from the memory.
Read more at mSeclabs team website :
iOS Application Security Part 39 – Sensitive information in memory | mSeclabs Mobile Security
application. iOS applications may store sensitive information like
passwords, session IDs etc in the memory of the application without
releasing them. In some cases, releasing these variables may not be an
option. For e.g, it might be required for the application to send an
authentication token with every request and hence there has to be a
reference to it in the memory somewhere. Even though these variables
might be encrypted when stored locally in the application, these
variables will be in their unencryped format while the application is
running. Hence, analyzing the contents of the memory is an important
thing while pentesting an iOS application. If there are some important
properties or instance variables that are not required, they should be
released from the memory.
Read more at mSeclabs team website :
iOS Application Security Part 39 – Sensitive information in memory | mSeclabs Mobile Security
mSeclabs Mobiquant iOS Application Security Part 40 – Testing apps on your Mac | mSeclabs Mobile Security
In this article, we will discuss the extent to which you can test
applications on your Mac rather than the. This could be useful for many
reasons, sometimes you may not have a jailbroken but want to get a POC
for a vulnerability. We will discuss what are the things you can and
cannot do. To test the application on your system, you will need to have
Xcode installed on your system and you will run the applications on the
iOS simulator.
applications are compiled for the ARM platform whereas the applications
that run on your simulator are compiled for the x86/x64 platform. So, to
test any application properly on your Mac, you must have the source
code of the application to run it on the simulator.
Read more at mSeclabs team website :
mSeclabs Mobiquant iOS Application Security Part 40 – Testing apps on your Mac | mSeclabs Mobile Security
applications on your Mac rather than the. This could be useful for many
reasons, sometimes you may not have a jailbroken but want to get a POC
for a vulnerability. We will discuss what are the things you can and
cannot do. To test the application on your system, you will need to have
Xcode installed on your system and you will run the applications on the
iOS simulator.
Installing ipa files from iTunes on your simulator
Sadly, there is no way you can do that. This is because the iTunesapplications are compiled for the ARM platform whereas the applications
that run on your simulator are compiled for the x86/x64 platform. So, to
test any application properly on your Mac, you must have the source
code of the application to run it on the simulator.
Read more at mSeclabs team website :
mSeclabs Mobiquant iOS Application Security Part 40 – Testing apps on your Mac | mSeclabs Mobile Security
iOS 9 Resolves Hijacking via AirDrop Vulnerability
iOS 9, the operating system that Apple is making available
for download today to its mobile device users, comes with more than new
usability and functionality features. It also resolves a vulnerability
that can be exploited over Apple’s over-the-air file sharing technology,
AirDrop.
Discovered by Australian researcher Mark Dowd, the
vulnerability affects all devices running on iOS 7 or later and can be
exploited to hijack iPhones to run malicious code on them. An attacker
could exploit the security flaw when in Bluetooth range of an affected
device either to install malware of for lock-screen bypass, Dowd says.
Read more at mSeclabs team website :
iOS 9 Resolves Hijacking via AirDrop Vulnerability
for download today to its mobile device users, comes with more than new
usability and functionality features. It also resolves a vulnerability
that can be exploited over Apple’s over-the-air file sharing technology,
AirDrop.
Discovered by Australian researcher Mark Dowd, the
vulnerability affects all devices running on iOS 7 or later and can be
exploited to hijack iPhones to run malicious code on them. An attacker
could exploit the security flaw when in Bluetooth range of an affected
device either to install malware of for lock-screen bypass, Dowd says.
Read more at mSeclabs team website :
iOS 9 Resolves Hijacking via AirDrop Vulnerability
Subscribe to:
Posts (Atom)
Stay updated, Subscribe
Posts
All Comments