This whitepaper details some of the vulnerabilities observed over the past year while performing regular security assessments of iPhone and iPad applications. MDSec documents some of the vulnerabilities identified as well as the methods to exploit them, and recommendations that developers can adopt to protect their iOS applications. It covers not only the security features of the platform, but provides in depth information on how to perform both black box and white box iOS penetration tests, along with suggested methodologies and compliance.
8527c3e88bfed9bdffcf0bcf1dbd7036IPhone TreasonSMS suffers from html injection and file inclusion vulnerabilities.
baf9f8ad1ec36e375b28bc78fba8b6f1Vopium for Android and iPhone leaks various data such as your password by passing it in the clear.
624744baa5cdb47240b0bfc201bee2b9This is a brief whitepaper discussing how to perform forensics on iOS 5 on the iPhone.
782903866dd7d55143c6835188eda2feWhitepaper called Hacking Dispositivos iOS. It demonstrates how dangerous it is to be connected to a wireless network with an iOS device that has OpenSSH enabled. Written in Spanish.
ae05680dc6d82049bbe79bf2fac33be6iPhone/iPad Phone Drive version 1.1.1 suffers from a directory traversal vulnerability.
b63ce126d747f94ec58cd93bc00718d0Secunia Security Advisory - Some vulnerabilities has been reported in Apple iOS for iPhone 4 (CDMA), which can be exploited by malicious people to compromise a vulnerable device.
ce1d63f9833ac7bdd73666a3db1e6ec2Secunia Security Advisory - A vulnerability has been reported in Apple iPhone iOS, which can be exploited by malicious people to compromise a vulnerable device.
131bf6f34af638bf6f3358a865f9b773Zero Day Initiative Advisory 11-109 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari on the iPhone. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the support for parsing Office files. When handling the OfficeArtMetafileHeader the process trusts the cbSize field and performs arithmetic on it before making an allocation. As the result is not checked for overflow, the subsequent allocation can be undersized. Later when copying into this buffer, memory can be corrupted leading to arbitrary code execution under the context of the mobile user on the iPhone.
73c6d0ab44664ae2917de0b921def7d1Checkview version 1.1 for iPhone / iPod Touch suffers from a directory traversal vulnerability.
1ece07f88e1f643b1604f4679937e4f6The Air Contacts Lite iPhone / iPod application suffers from a denial of service vulnerability.
c9bfe2ee19e3e87489a8fb44e3e826aaApple iPhone 4 with iOS 4.3 (8F190) suffers from a passphrase disclosure vulnerability that allows all local processes access to it.
5806a00d78c413e35d82e31be0490810iFileExplorer Free for iPod Touch / iPhone version 2.8 suffers from a remote directory traversal vulnerability.
064768337d402694326af84d6a8db51aZero Day Initiative Advisory 11-101 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's iPhone Webkit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the library implements the .sort function for an array. The library will trust the implementation of a particular method which when executed can be used to manipulate elements out from underneath it. This can lead to code execution under the context of the application.
388a7371469e84f404d9597c81737774TIOD version 1.3.3 for iPhone / iPod Touch suffers from a directory traversal vulnerability.
2786bd33631a2f9b525dbda088bdecaaiPhone MyDocs version 2.7 suffers from a directory traversal vulnerability.
23fba2f55ddcc89807ff99d443fe0d54iPhone iFile version 2.0 suffers from a directory traversal vulnerability.
f4bdae6b02b0273de397fcde642f160diPhone Folders version 2.5 suffers from a directory traversal vulnerability.
e112a6293907948ca19949f51a462669iPhone PDF Reader Pro version 2.3 suffers from a directory traversal vulnerability.
186434e1a1e0f1c5f494649caea81c9diPhone Guitar suffers from a directory traversal vulnerability.
d199bc95d9b4b8e80cb59b2449310022iPhone iShred version 1.93 suffers from a directory traversal vulnerability.
82d0bdd4cd613fdad826f5a7fd2d9bb3Share version 1.0 for iPhone / iPod Touch suffers from a directory traversal vulnerability.
8a7b801195a2a846396a4676312d1dc0myDBLite version 1.1.10 for iPhone / iPod Touch suffers from a directory traversal vulnerability.
51021732b9fcd9d0f34d5823d1b53f2fiDocManager version 1.0.0 for iPhone / iPod Touch suffers from a directory traversal vulnerability.
cef119c2e546eff298f53d49012e2ffaFiler Lite version 2.1.0 for iPhone / iPod Touch suffers from a directory traversal vulnerability.
dfadf3ff02552b7ee7ab723636914007
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed