Zero Day Initiative Advisory 12-075
Zero Day Initiative Advisory 12-075 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application decodes video samples encoded with the RLE codec
Intercepter-NG Console Edition 0.1
Intercepter-NG [Console Edition] is a sniffer that offers various capabilities including sniffing for password hashes related to ORACLE/MYSQL/VNC/NNTP/CVS/WWW/HTTP/SOCKS/MRA/FTP/POP3/SMTP/IMAP/LDAP/AIM. It works on NT/Linux/BSD/IOS/Android and is optimized for screen size 80x30 or higher.
Apple Security Advisory 2012-05-14-2
Apple Security Advisory 2012-05-14-2 - This update disables Adobe Flash Player if it is older than 10.1.102.64 by moving its files to a new directory.
Apple Security Advisory 2012-05-14-1
Apple Security Advisory 2012-05-14-1 - This update runs a malware removal tool that will remove the most common variants of the Flashback malware. If the Flashback malware is found, it presents a dialog notifying the user that malware was removed. There is no indication to the user if malware is not found.
Secunia Security Advisory 47292
Secunia Security Advisory - Multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.
Apple Security Advisory 2012-05-07-1
Apple Security Advisory 2012-05-07-1 - A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. Multiple cross site scripting issues existed in WebKit along with a memory corruption issue.
iOS Application (In)Security
This whitepaper details some of the vulnerabilities observed over the past year while performing regular security assessments of iPhone and iPad applications. MDSec documents some of the vulnerabilities identified as well as the methods to exploit them, and recommendations that developers can adopt to protect their iOS applications. It covers not only the security features of the platform, but provides in depth information on how to perform both black box and white box iOS penetration tests, along with suggested methodologies and compliance.
IPhone TreasonSMS HTML Injection / File Inclusion
IPhone TreasonSMS suffers from html injection and file inclusion vulnerabilities.
Hackers claim to have penetrated Foxconn backdoor
We don't care about iPhones or workers, only lulz It had to happen eventually. Controversial hardware manufacturer Foxconn was reportedly hacked late on Wednesday and a heap of staff email log-ins and intranet credentials posted online which could allow third parties to lodge fraudulent orders.…
iPhone Forensics On iOS 5
This is a brief whitepaper discussing how to perform forensics on iOS 5 on the iPhone.