Apple – Vulners Blog

Monthly digest not just about FireEye and SolarWinds hacks

Posted on December 21, 2020 by Dmitry Uchakin

The last monthly digest this year turned out to be intense and interesting. There was a lot of news about various hacks and attacks, new methods of attacks were invented and new malware was discovered. Bottom line of this month: supply chain attacks exist and the secure Security Development Lifecycle is VERY IMPORTANT! Vulnerabilities: Apple … Continue reading Monthly digest not just about FireEye and SolarWinds hacks →

Cisco stories, ICS and Apple features

Posted on November 23, 2020November 23, 2020 by Dmitry Uchakin

Apple recently released its new OS Bg Sur and immediately started fixing vulnerabilities. Also, undocumented features were found in new platform. Cisco is fixing vulnerabilities in its products strangely. Pair of funny tools and a couple of interesting stories in news section. Vulnerabilities: Cisco story, "bugs" in messagers and ICS;Tools: Bloodhound continues to be updated, … Continue reading Cisco stories, ICS and Apple features →

Zero-day for Apple (Safari), tools and malware news

Posted on August 31, 2020August 31, 2020 by Dmitry Uchakin

Stealing local files via Safari, few PoCs with exploit, so veriety malware and blue team research (mostly). Vulnerabilities: Have you ever seen a digest without Microsoft?Tools: Mix of tools for the red and blue team;News: Mainly about malware and cats. Not everyone loves cats;Research: Usefull for SOC analysts and DFIR. Feedback -> here Vulnerabilities CVE-2020-3952 … Continue reading Zero-day for Apple (Safari), tools and malware news →

The two most important conferences of the year and new facebook tool

Posted on August 10, 2020August 10, 2020 by Dmitry Uchakin

This week there were such significant events as Defcon and Black Hat 2020. Some of the materials from these conferences are in today's digest. Vulnerabilities: Cool material from Blackhat 2020 and Qualcomm vulnerabilities. Tools: New code analyzer from facebook. News: Data leak and ransomware for Canon (like Garmin). Research: Mostly for the blue/purple teams. Feedback: … Continue reading The two most important conferences of the year and new facebook tool →

Apple devices for security researchers

Posted on July 22, 2020 by Dmitry Uchakin

Great news for security researchers and bug hunters! Apple officially started "The Security Research Device (SRD)" program to provide its devices to security researchers. To participate in this program, you need to meet several conditions: Developer account (99$/year);Bugs / vulnerabilities in the Apple platforms or in other popular and modern platforms / operating systems;You must … Continue reading Apple devices for security researchers →

Vulners weekly digest #13

Posted on July 6, 2020July 6, 2020 by Dmitry Uchakin

There are 4 sections:VulnerabilitiesToolsNewsResearch Feedback: https://forms.gle/D17BaFwD5hJnKkUUA Vulnerabilities Vulnerability CVE-2020-5902 in F5 BIG-IP received a CVSS score of 10. Exploiting the vulnerability allows executing commands on behalf of an unauthorized user and completely compromising the system, for example, intercepting the traffic of web resources controlled by the controller. https://twitter.com/i/status/1280008779359125504 https://vulners.com/thn/THN:02088F21DB6E2D58FA2FBFDB5C735108 Multiple vulnerabilities in popular remote desktop … Continue reading Vulners weekly digest #13 →

Monthly Vulners Review #3

Posted on June 29, 2020June 29, 2020 by Dmitry Uchakin

Monthly review for the first time in four sections. Feedback: https://forms.gle/D17BaFwD5hJnKkUUA Vulnerabilities and exploits Bitdefender fixed the vulnerability in SafePay, a secure browser designed to protect sensitive online transactions, such as online banking and electronic purchases. Exploitation of vulnerability CVE-2020-8102 allows an attacker to remotely execute commands in the context of a user on a … Continue reading Monthly Vulners Review #3 →

Vulners weekly digest #10

Posted on June 8, 2020 by Dmitry Uchakin

Default 4 sections:VulnerabilitiesToolsNewsThreat hunting and malware research Vulnerabilities Apple has released updates to fix a CVE-2020-9859 that was used to jailbreak an iPhone with iOS 13.5. The vulnerability affects the iOS kernel and can allow an application to execute arbitrary code with kernel privileges. https://vulners.com/apple/APPLE:HT211214 CVE-2020-2883 in the Oracle WebLogic Server product of Oracle Fusion … Continue reading Vulners weekly digest #10 →

Jailbreak for any IOS devices

Posted on May 25, 2020May 25, 2020 by Dmitry Uchakin

Last weekend, a team of information security experts and reverse engineers introduced a new version of the Unc0ver jailbreak (5.0.0). This tool works for almost any iPhone, even with the latest iOS 13.5 on board. Unc0ver authors say it exploits a zero kernel vulnerability in the iOS kernel, which Apple experts are not yet aware … Continue reading Jailbreak for any IOS devices →