Vulnerabilities & Bugs

Editorial_Staff_Team's picture

Lab Researcher discovered Microsoft Skype Denial of Service Vulnerability

Microsoft Skype Mobile v8.x - Remote Denial of Service Vulnerability

Vulnerability Labs core team discovered a new denial of service vulnerability and rendering problem in Skype Mobile Client v8.12 and v8.13 this week. The vulnerability can be triggered by sending a special smiley (emoticon) content message remotely. The security problem can be triggered locally and remotely. The problem concerns the mobile client for Android and ios and was demonstrated by ios on Samsung device with a poc video.

The security vulnerability was reported to the microsoft corporation in february (2018-02-03) with MSRC ID 43520 by the vulnerability laboratory core research team.

Editorial_Staff_Team's picture

Apple iOS v10.2 & v10.3 - SMS Reply Access Permission Vulnerability

Apple iOS v10.2 & v10.3 - SMS Reply & Answer Function

During the last months we had setup a mobile forensic laboratory in our office to reproduce and uncover more new mobile zero-day vulnerabilities. Our first investigation was in a code lock functions of the settings - passcode module and the keyboard suggestion option. To explain the full impact we need to demonstrate the functionalities ago.

The "Answer with Message / Reply with message" allows a local idevice user to answer only to the caller with a customized or automated SMS one time. The function is available in the settings - touch id & code module. After activation of the setting, the idevice owner is able to answer directly to the caller by one sms.The answer as reply runs by the basic sms function over the provider and can generate costs.

Editorial_Staff_Team's picture

Stack Buffer Overflow Zero Day Vulnerability uncovered in Microsoft Skype v7.2, v7.35 & v7.36

Stack Buffer Overflow Vulnerability in Skype v7.2, v7.35 & v7.36

Security researchers of the vulnerability laboratory core research team uncovered a critical vulnerability in skype v7.2, v7.35 & v7.36 for microsoft windows. The vulnerability was discovered during a team conference in skype, when a crash occured during an interaction by the usual suspect Benjamin Kunz Mejri. Benjamin is well known for discovering vulnerabilities in skype software. In the last years, his researches on the software mainly stucked and no new public vulnerabilities were uncovered until 2014. The new detected vulnerability has indeed a critical impact to local and remote skype users and is explained as followed.


Subscribe to RSS - Vulnerabilities & Bugs