Published Vulnerabilities

Wed
28
Mar

Lab Researcher discovered Microsoft Skype Denial of Service Vulnerability

Microsoft Skype Mobile v8.x - Remote Denial of Service Vulnerability

Vulnerability Labs core team discovered a new denial of service vulnerability and rendering problem in Skype Mobile Client v8.12 and v8.13 this week. The vulnerability can be triggered by sending a special smiley (emoticon) content message remotely. The security problem can be triggered locally and remotely. The problem concerns the mobile client for Android and ios and was demonstrated by ios on Samsung device with a poc video.

The security vulnerability was reported to the microsoft corporation in february (2018-02-03) with MSRC ID 43520 by the vulnerability laboratory core research team.

Mon
14
Aug

Apple iOS v10.2 & v10.3 - SMS Reply Access Permission Vulnerability

Apple iOS v10.2 & v10.3 - SMS Reply & Answer Function

During the last months we had setup a mobile forensic laboratory in our office to reproduce and uncover more new mobile zero-day vulnerabilities. Our first investigation was in a code lock functions of the settings - passcode module and the keyboard suggestion option. To explain the full impact we need to demonstrate the functionalities ago.

The "Answer with Message / Reply with message" allows a local idevice user to answer only to the caller with a customized or automated SMS one time. The function is available in the settings - touch id & code module. After activation of the setting, the idevice owner is able to answer directly to the caller by one sms.The answer as reply runs by the basic sms function over the provider and can generate costs.

Pages

Subscribe to RSS - Published Vulnerabilities