Apple iOS v10.2 & v10.3 - SMS Reply Access Permission Vulnerability

Monday, August 14, 2017
Posted by Editorial_Staff_Team
Vulnerabilities & Bugs
1 comment(s)
Reader's rate:
5
Apple iOS v10.2 & v10.3 - SMS Reply & Answer Function During the last months we had setup a mobile forensic laboratory in our office to reproduce and uncover more new mobile zero-day vulnerabilities. Our first investigation was in a code lock functions of the settings - passcode module... + continue reading

Stack Buffer Overflow Zero Day Vulnerability uncovered in Microsoft Skype v7.2, v7.35 & v7.36

Sunday, May 28, 2017
Posted by Editorial_Staff_Team
Vulnerabilities & Bugs
0 comment(s)
Reader's rate:
5
Stack Buffer Overflow Vulnerability in Skype v7.2, v7.35 & v7.36 Security researchers of the vulnerability laboratory core research team uncovered a critical vulnerability in skype v7.2, v7.35 & v7.36 for microsoft windows. The vulnerability was discovered during a team conference in... + continue reading

PayPal Inc announces 2 new Bug Bounty Program Domains

Tuesday, May 16, 2017
Posted by Editorial_Staff_Team
Bug Bounty
0 comment(s)
Reader's rate:
5
PayPal Inc - New Scope & Program Guidelines It was a bit silent around the independent paypal inc bug bounty program within the last year, because the developers were silently programming and designing new stable updates. Today in the morning the paypal inc company announced several new... + continue reading

Telekom Cloud & Web SSO vulnerable to Bypass & Persistent XSS Attacks

Tuesday, January 3, 2017
Posted by Editorial_Staff_Team
Bug Bounty
0 comment(s)
Reader's rate:
4.25
Telekom Cloud - MyworkPlace Business Frontend & Backend Vulnerabilities Researchers of the vulnerability laboratory core team discovered multiple persistent cross site scripting web vulnerabilities to the telekom cert team in mid december 2016. The security vulnerabilities was located in... + continue reading

Apple iOS 10.2 Notify Function vulnerable to Attacks via iDevice on iTunes & Appstore

Friday, December 23, 2016
Posted by Editorial_Staff_Team
Bug Bounty
2 comment(s)
Reader's rate:
3.76923
How Super Mario Run helped a Security Research to identify a Vulnerability In september we got the first information about the new notify function within the new iOS 10.x version. The new notify function was mainly a secret to all the users until november 2016. Apple did not revealed  how... + continue reading

Barracuda Networks adapts Bug Bounty Program to Cloud Product Services

Tuesday, November 15, 2016
Posted by Editorial_Staff_Team
Bug Bounty
0 comment(s)
Reader's rate:
4.5
New Cloud Services, High Severity Issues & Invitation Only In the last 6 years the public bug bounty program of barracuda networks helped to improve the security of their active product series. At the beginning the program was running independently but about 1 and  a half year ago the... + continue reading

US Military starts official "Hack the Army" Bug Bounty Program

Monday, November 14, 2016
Posted by Editorial_Staff_Team
Top Stories
1 comment(s)
Reader's rate:
5
US Military starts official "Hack the Army" Bug Bounty Program Due to the last days "Eric Fanning" secretary of the us army announced, that the new "Hack the Army" Bug Bounty Program will start soon. In 2016 the "Hack the Pentagon" Program was disclosing... + continue reading

Adobe Connect v9.5.6 - (CVE-2016-7851) Persistent Cross Site Vulnerability

Thursday, November 10, 2016
Posted by Editorial_Staff_Team
Vulnerabilities & Bugs
0 comment(s)
Reader's rate:
3.4
Adobe Connect v9.5.6 - (CVE-2016-7851) Persistent Cross Site Vulnerability About some month ago the pentester and security researcher Benjamin Kunz Mejri was pentesting for the adobe security department the actual upcoming "Connect" web services and web-application. Due to his active... + continue reading

Wickr Inc - When honesty disappears behind the VCP Mountain

Thursday, October 27, 2016
Posted by Editorial_Staff_Team
Top Stories
5 comment(s)
Reader's rate:
5
Wickr Inc Secret Messenger - Bug Bounty Program Vulnerabilities by Design Today we would like to talk about the security of the american secret messenger called "Wickr - Secret Messenger". The company of the product is located in the united states and encrypts messaging context with... + continue reading

Featured Cooperative Security Articles

Apple iOS v10.2 & v10.3 - SMS Reply Access Permission Vulnerability

Monday, 14/08/17 - 1 comment(s)
Apple iOS v10.2 & v10.3 - SMS Reply & Answer Function During the last months we had setup a mobile forensic laboratory in our office to reproduce and uncover more new mobile zero-day vulnerabilities. Our first investigation was in a code lock functions of the settings - passcode module and the keyboard suggestion option. To explain the... + continue reading

Stack Buffer Overflow Zero Day Vulnerability uncovered in Microsoft Skype v7.2, v7.35 & v7.36

Sunday, 28/05/17 - 0 comment(s)
Stack Buffer Overflow Vulnerability in Skype v7.2, v7.35 & v7.36 Security researchers of the vulnerability laboratory core research team uncovered a critical vulnerability in skype v7.2, v7.35 & v7.36 for microsoft windows. The vulnerability was discovered during a team conference in skype, when a crash occured during an interaction by... + continue reading

Jump back to navigation

BUG BOUNTY ISSUES

PayPal Inc announces 2 new Bug Bounty Program Domains

Tuesday, 16/05/17 - 0 comment(s)
PayPal Inc - New Scope & Program Guidelines It was a bit silent around the independent paypal inc bug bounty program within the last year, because the developers were silently programming and... + continue reading

Telekom Cloud & Web SSO vulnerable to Bypass & Persistent XSS Attacks

03/01/17 - 0 comment(s)

Apple iOS 10.2 Notify Function vulnerable to Attacks via iDevice on iTunes & Appstore

23/12/16 - 2 comment(s)

Barracuda Networks adapts Bug Bounty Program to Cloud Product Services

15/11/16 - 0 comment(s)

+ View all
Jump back to navigation

BEST SECURITY VIDEOS

PayPal Inc patched medium severity Cross Site Request Forgery Issue

Tuesday, 25/08/15 - 0 comment(s)
PayPal Inc patched medium severity Cross Site Request Forgery Issue The independent and individual vulnerability laboratory researcher paresh parmar discovered during the participate in the... + continue reading

Shopify | Buy Button | Persistent Embed POST Inject Vulnerability

13/08/15 - 8 comment(s)
UBNT Bug Bounty #3 - Persistent Filename Vulnerability

UBNT Bug Bounty #3 - Persistent Filename Vulnerability

11/08/15 - 0 comment(s)

Ebay Inc coordinated patch of 3 Magento Vulnerabilities (IVE, XSS & CSRF)

23/06/15 - 1 comment(s)

+ View all
Jump back to navigation

IT-SECURITY EVENTS

Manchester City - Football Club hosts first Hackathon in July 2016

Tuesday, 05/07/16 - 0 comment(s)
Manchester City - Football Club hosts first Hackathon in July 2016 The city of football club ManchesterCity had organized a new event #HackMCFC, which will provide participants with access to... + continue reading

Hack in the Box | Amsterdam 2015 | HITB

31/05/15 - 3 comment(s)

Egyptian Workshop - Bug Bounty & Security Research

28/04/15 - 0 comment(s)

CeBIT 2015 (d!conomy) - Heise offers Slots in Open Developer World

10/11/14 - 0 comment(s)

+ View all
Jump back to navigation

Mon
14
Aug
Editorial_Staff_Team's picture

Apple iOS v10.2 & v10.3 - SMS Reply Access Permission Vulnerability

Submitted by Editorial_Staff_Team on Mon, 08/14/2017 - 03:01

Apple iOS v10.2 & v10.3 - SMS Reply & Answer Function

During the last months we had setup a mobile forensic laboratory in our office to reproduce and uncover more new mobile zero-day vulnerabilities. Our first investigation was in a code lock functions of the settings - passcode module and the keyboard suggestion option. To explain the full impact we need to demonstrate the functionalities ago.

The "Answer with Message / Reply with message" allows a local idevice user to answer only to the caller with a customized or automated SMS one time. The function is available in the settings - touch id & code module. After activation of the setting, the idevice owner is able to answer directly to the caller by one sms.The answer as reply runs by the basic sms function over the provider and can generate costs.

Sun
28
May
Editorial_Staff_Team's picture

Stack Buffer Overflow Zero Day Vulnerability uncovered in Microsoft Skype v7.2, v7.35 & v7.36

Submitted by Editorial_Staff_Team on Sun, 05/28/2017 - 18:38

Stack Buffer Overflow Vulnerability in Skype v7.2, v7.35 & v7.36

Security researchers of the vulnerability laboratory core research team uncovered a critical vulnerability in skype v7.2, v7.35 & v7.36 for microsoft windows. The vulnerability was discovered during a team conference in skype, when a crash occured during an interaction by the usual suspect Benjamin Kunz Mejri. Benjamin is well known for discovering vulnerabilities in skype software. In the last years, his researches on the software mainly stucked and no new public vulnerabilities were uncovered until 2014. The new detected vulnerability has indeed a critical impact to local and remote skype users and is explained as followed.

Tue
16
May
Editorial_Staff_Team's picture

PayPal Inc announces 2 new Bug Bounty Program Domains

Submitted by Editorial_Staff_Team on Tue, 05/16/2017 - 13:37

PayPal Inc - New Scope & Program Guidelines

It was a bit silent around the independent paypal inc bug bounty program within the last year, because the developers were silently programming and designing new stable updates. Today in the morning the paypal inc company announced several new updates regarding the guidelines and scopes. The company decided, to expand the program conditions to followup with the program after years of successful public integration.

Pages

Subscribe to VULNERABILITY MAGAZINE - Bug Bounties, Acknoweldgements & Security Research RSS

Recent comments

It is always a pleasure to
Lori M
cool case
Smaggaer
pwned and logged like a boss
Roni
BMW is one of the most iconic
Montex Luis
You have touched some best
MichelMassey
Wickr
Mr..
iPad Mini 5
Ben Hogan
very nice indeed & the attack
Hajo
ingham
locksmith rockingham
excellent hunt !
deba fares akrem

Syndicate

Subscribe to Syndicate