:: Deepquest ::

This repository contains several tools Project Zero uses to test iPhone messaging. It includes SmsSimulator: an SMS simulator for iPhone, iMessage: tools for sending and dumping iMessage messages, and imapiness: a fuzzer for IMAP clients. See the directory for each tool for further instructions and contact information. This is not an officially supported Google product. […]

Apple Security Advisory 2019-7-23-1 – iCloud for Windows 7.13 is now available and addresses code execution and cross site scripting vulnerabilities.

Apple Security Advisory 2019-7-23-2 – iTunes for Windows 12.9.6 is now available and addresses code execution and cross site scripting vulnerabilities.

Apple Security Advisory 2019-7-23-3 – iCloud for Windows 10.6 is now available and addresses code execution and cross site scripting vulnerabilities.

Apple Security Advisory 2019-7-22-5 – tvOS 12.4 is now available and addresses code execution, cross site scripting, and use-after-free vulnerabilities.

Apple Security Advisory 2019-7-22-1 – iOS 12.4 is now available and addresses code execution, cross site scripting, denial of service, and use-after-free vulnerabilities.

Apple Security Advisory 2019-7-22-3 – Safari 12.1.2 is now available and addresses code execution and cross site scripting vulnerabilities.

Apple Security Advisory 2019-7-22-2 – macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra are now available and address bypass, code execution, and use-after-free vulnerabilities.

An issue exists where a malformed iMessage can brick an iPhone. A method in IMCore can throw an NSException due to a malformed message containing a property with key IMExtensionPayloadLocalizedDescriptionTextKey with a value that is not a NSString.

This Metasploit module exploits a command injection in TimeMachine on macOS