Published Vulnerabilities


Apple iOS v8.0.2 - Silent Contact 0Day Vulnerability (Denial of Service)

Denial of Service Vulnerability in Apple iOS v8.0.2

Normally "Denial of Service" is a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. With Apple´s iOS v8.0.2 your iPhone or iPad can be the next target of the attack.

The discovered vulnerability allows an attacker to crash the mobile device and force a system reboot. Not really cool as an average blackhat hacker attack because this will shut down the mobile device.

But if the attacker is a regime, agency or even the police that uses a denial of service attack on mobile phones this would be a serious critical issue. In a real world scenario the mobile phones in a specific area or user group could be targeted and forced to crash/reboot. This could have a strong impact on how to communicate.


Google Android Mobile Browser - Persistent Remote Vulnerability (PoC Video)

Google Android Mobile Browser - Persistent Remote Vulnerability

Today in the morning the well known vulnerability-lab core team researcher ismail kaleem (maledives) has discovered the details of a google android browser vulnerability. The vulnerability is remotly exploitable and the severity of the issue is high.

The bug has been reported to google by the famous maledivian researcher during a pentest session in the official facebook bug bounty program. The issue is located in the google android mobile browser engine and its validation.

Remote attacker are able to inject own persistent script code by base64 encode script code payloads to hijack session information or to compromise user accounts of a service. First the bug has been reported to the facebook security team which later refered the core team to the google security program.


Subscribe to RSS - Published Vulnerabilities