Whitepaper called iOS Swift Anti-Jailbreak Bypass with Frida.
0bbd66f367356086c12e07df9456f96e99b2ff41cbae2bc41796dac87704aff2
Apple Security Advisory 2020-09-16-1 - iOS 14.0 and iPadOS 14.0 are now available and address code execution, cross site scripting, out of bounds read, and out of bounds write vulnerabilities.
7fd9e27e217c184d9ba4d89012fdbb3e21ae0bc90b9b515446b2e0e9c773363a
This Metasploit module exploits a JIT optimization bug in Safari Webkit. This allows us to write shellcode to an RWX memory section in JavaScriptCore and execute it. The shellcode contains a kernel exploit (CVE-2016-4669) that obtains kernel rw, obtains root and disables code signing. Finally we download and execute the meterpreter payload. This module has been tested against iOS 7.1.2 on an iPhone 4.
8ca4b125e9aba514f4d2bd3c12b5189f4dceafcaab577262cc602a11c87480fb
A PAC and JIT hardening bypass exists in WebKit on iOS.
7e43df27a79d01df906491c3fa75f5b9b076ed4934270a40b2e9bf12e7d1271c
Mocha Telnet Lite for iOS version 4.2 denial of service proof of concept exploit.
9a5a8b0a5f54690053bd1374cd29bcc29b691e578bc3aa0a707b95622c235114
RTSP for iOS version 1.0 denial of service proof of concept exploit.
b845ab4fd8a9a18a827935204013614fad80dc1e037171e6411158ca11b4c166
iOS suffers from a Page Protection Layer (PPL) bypass due to incorrect argument verification in pmap_protect_options_internal() and pmap_remove_options_internal().
32cee1a372a12e5942e506e272fddc32f9ae961ee5184a1f29319a3e36fa6521
Apple Security Advisory 2020-07-15-1 - iOS 13.6 and iPadOS 13.6 are now available and address buffer overflow, bypass, code execution, cross site scripting, denial of service, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
a1083d1dcae4c16086a6b4d0fdbeb1f7753173e56db200075a539df34cf55741
VIPRE Password Vault iOS application versions 1.100.1090 and below suffer from a man-in-the-middle vulnerability due to a lack of validation of SSL certificates.
ad2b385769262f6b82c11eb32205aa58cc8946448f0a2abb7f3f31a2dd608b59
Apple iOS version 13.5.1 suffers from an issue where it is possible to circumvent the copy and paste restriction from the company profile to the private profile. Thus, it is possible to extract attachments that can be previewed ("Quick Look") in the native Mail client to any private app.
2010fb70717eed823f1bf4f1c9f8436da1844b077ea4ef32867f8306a4680a29
iOS and macOS suffered from a wifi proximity kernel double-free vulnerability in AWDL BSS Steering.
185ed329e279974bff794995bb28d911a3d0487fe537cf5e9f91c71beea77fb6
Apple Security Advisory 2020-06-01-1 - iOS 13.5.1 and iPadOS 13.5.1 are now available and address a code execution vulnerability.
ec007d35f526f018b1be8253c214e57f434bfb4c783b4f6479e434eb3164fec2
Apple Security Advisory 2020-05-26-1 - iOS 13.5 and iPadOS 13.5 address bypass, code execution, cross site scripting, denial of service, double free, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
c0c5b060812bd316b274c589d529f7340c15548e77bf81b29d18618cd79bfb74
Apple Security Advisory 2020-05-26-2 - iOS 12.4.7 addresses an out of bounds write vulnerability.
25db04f26f48b4ba1f92482b9041ca6d7f62441ba8497a88e48505ea92305c77
Qik Chat version 3.0 for iOS suffers from a command injection vulnerability.
675143e025a9ea8b21fbc608b0baad3246b979bcfcdffb765049c07924c2d6c7
File Explorer for iOS version 1.4 suffers from an access bypass vulnerability.
3271d0317f2dc249ade02aac72b68c9f5748f74b70b7eda653e0c48251f37f3a
HardDrive version 2.1 for iOS suffers from an arbitrary file upload vulnerability.
0c34b14b82c1c179e184b9fb03967beb613f81201373e46509c51dd3086c8082
File Explorer version 1.4 for iOS suffers from an information disclosure vulnerability.
ea14301d1a375382b614cf4695eb405fac6da803f565cb546fa482ea056bcd0d
Transfer Master version 3.3 for iOS suffers from a denial of service vulnerability.
b9a6596f4343d975491387b6c0efd8201358ab2d43217453fd2b457c61b63294
File Sharing and Chat version 1.0 for iOS suffers from a denial of service vulnerability.
c66a7b587e5d56766ddbffc738da93fb383a62c08ea701cd5be6321bcf2549ea
Easy Transfer version 1.7 for iOS suffers from cross site scripting and directory traversal vulnerabilities.
e1d1fd4ef3b5d9a2ecd4486677c8c2bdaa9be2ff977e3a1ce3b6718426fcbd30
Air Sender version 1.0.2 for iOS suffers from an arbitrary file upload vulnerability.
a14b5d2f646f6165a431ce48859d7864075a081083d1b18d936ddaab47e98f1d
Sky File version 2.1.0 for iOS suffers from cross site scripting and directory traversal vulnerabilities.
1da9b3cb23fa8817040ca9fb3d24cdce84e94c7dadc69c2868cb4c0eed9a1022
Folder Lock version 3.4.5 for iOS suffers from multiple cross site scripting vulnerabilities.
3b135f4aefe258fc995a84436f4773ebbfad4f35fcc43e470ab09558065ffee4
The Swift File Transfer mobile application for ios, blackberry and android suffers from cross site scripting and information disclosure vulnerabilities.
c6b28c761212f0e60e98658f4009e7cd57fd0f4804640083646a2559d8213009