My Photo Wifi Share & PS 1.1 Command Injection

Posted by deepcore under Apple (No Respond)

My Photo Wifi Share & PS 1.1 for iOS suffers from a local command injection vulnerability.

Easy FileManager 1.1 Local File Inclusion / Shell Upload

Posted by deepcore under Apple (No Respond)

Easy FileManager version 1.1 for iOS suffers from local file inclusion and remote shell upload vulnerabilities.

ePhone Disk 1.0.2 LFI / Command Injection / DoS

Posted by deepcore under Apple (No Respond)

ePhone Disk version 1.0.2 for iOS suffers from denial of service, command injection, and local file inclusion vulnerabilities.

OS X / Safari / Firefox REGEX Denial Of Service

Posted by deepcore under Apple (No Respond)

Mac OS X, Safari, Firefox and Kaspersky all suffer from a regular expression denial of service condition that was discovered long ago in regcomp().

Apple TV Touch Password Disclosure

Posted by deepcore under Apple (No Respond)

Apple TV had an issue where it was logging a user’s Apple ID and password via debug output in logs.

Apple Facetime Information Disclosure

Posted by deepcore under Apple (No Respond)

Facetime allows video calls for iOS. Facetime-Audio, added in iOS 7, allows audio-only calls. The audio version uses a vulnerable URL scheme which is not used by Facetime Video. The URL scheme used for Facetime-Audio allows a website to establish a Facetime-Audio call to the attacker’s account, revealing the phone number or email address […]

Apple Security Advisory 2014-03-10-1

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2014-03-10-1 – iOS 7.1 is now available and addresses multiple security vulnerabilities.

Apple Security Advisory 2014-03-10-2

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2014-03-10-2 – Apple TV 6.1 is now available and addresses information disclosure, date checking failure, buffer overflow, and various other vulnerabilities.

Safari User-Assisted Download / Run Attack

Posted by deepcore under Apple (No Respond)

This Metasploit module abuses some Safari functionality to force the download of a zipped .app OSX application containing our payload. The app is then invoked using a custom URL scheme. At this point, the user is presented with Gatekeeper’s prompt: “APP_NAME” is an application downloaded from the internet. Are you sure you want to open […]

Apple Security Advisory 2014-02-25-1

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2014-02-25-1 – OS X Mavericks 10.9.2 and Security Update 2014-001 are now available and address multiple security issues including the recent SSL vulnerability.
