Vulnerabilities & Bugs

Mon 14 Aug

Apple iOS v10.2 & v10.3 - SMS Reply Access Permission Vulnerability

Apple iOS v10.2 & v10.3 - SMS Reply & Answer Function

Over the last months we set up a mobile forensic laboratory in our office to reproduce and uncover new mobile zero-day vulnerabilities. Our first investigation covered the code lock functions of the settings passcode module and the keyboard suggestion option. To explain the full impact, we first need to demonstrate the functionality.

The "Answer with Message / Reply with Message" function allows a local iDevice user to answer the caller, and only the caller, one time with a customized or automated SMS. The function is available in the Settings - Touch ID & Code module. After the setting is activated, the iDevice owner can answer the caller directly with one SMS. The reply is sent through the basic SMS function over the provider and can generate costs.

Sun 28 May

Stack Buffer Overflow Zero Day Vulnerability uncovered in Microsoft Skype v7.2, v7.35 & v7.36

Stack Buffer Overflow Vulnerability in Skype v7.2, v7.35 & v7.36

Security researchers of the Vulnerability Laboratory core research team uncovered a critical vulnerability in Skype v7.2, v7.35 & v7.36 for Microsoft Windows. The vulnerability was discovered during a team conference in Skype, when a crash occurred during an interaction by the usual suspect, Benjamin Kunz Mejri. Benjamin is well known for discovering vulnerabilities in Skype software. In the last years, his research on the software mainly stalled and no new public vulnerabilities were uncovered until 2014. The newly detected vulnerability has a critical impact on local and remote Skype users and is explained as follows.

Thu 10 Nov

Adobe Connect v9.5.6 - (CVE-2016-7851) Persistent Cross Site Vulnerability

Some months ago the pentester and security researcher Benjamin Kunz Mejri was pentesting the current upcoming "Connect" web services and web application for the Adobe security department. Through his active research the pentester discovered a persistent cross-site scripting vulnerability in the Adobe Connect v9.5.6 software client. The issue was reported to Adobe via PSIRT in April 2016 and resolved in November 2016. The "Adobe Connect" web conferencing software service for Windows offers immersive online meeting experiences for collaboration, virtual classrooms and large-scale webinars.
