Found 96 bookmarks
Newest
Remote Input Injection vulnerability in Air Keyboard iOS App Still Unpatched
Remote Input Injection vulnerability in Air Keyboard iOS App Still Unpatched
mobile-hacker.com - On June 13, 2025 was disclosed vulnerability in the iOS version of the Air Keyboard app that exposes users to remote input injection over Wi-Fi. The flaw, documented in CXSecurity Report, allows an attacker on the same local network to send keystrokes to a target iOS device without authentication. As of this writing, the app remains available on the App Store and is still affected by the vulnerability. With the report is also published prove of concept python script. In this blog I will test the exploit, have a look on their Android version of Air Keyboard app and conclude with security tips. According to its official information, Air Keyboard is an app that turns your mobile device into a wireless keyboard and mouse for your computer. It connects over the local network and sends or receives input to or from a companion desktop application installed on Windows or macOS. The app’s goal is to offer convenient remote control for presentations, media playback, or general PC use, all from your smartphone or tablet. The vulnerability stems from the iOS app listening on TCP port 8888 for incoming input — without any form of authentication or encryption. A proof-of-concept Python script included in the advisory demonstrates how an attacker can craft data and remotely inject arbitrary keystrokes to the victim’s device. A video demonstration further confirms how trivial the attack is to execute. Because the iOS app does not verify the origin or integrity of the incoming commands, any device on the same Wi-Fi network can send input as if it were the user. The app remains available on the App Store in this vulnerable state, with no fix or warning issued to users.
#mobile-hacker.com#EN#2025#Remote-Input-Injection#vulnerability#AirKeyboard#iOS#App
·mobile-hacker.com·
Remote Input Injection vulnerability in Air Keyboard iOS App Still Unpatched
iPhone wingman app leaks 160K chat screenshots
iPhone wingman app leaks 160K chat screenshots
  • FlirtAI wingman app leaked 160K chat screenshots through unprotected cloud storage. Teenagers frequently used the app, making the breach more concerning for minors. Some individuals were likely unaware their conversations were screenshot and sent to third parties. Sending private screenshots to an AI-based “wingman” app is probably not the best idea. Who would have thought? Unfortunately, users of FlirtAI - Get Rizz & Dates will have to find out the hard way. The Cybernews research team recently discovered an unprotected Google Cloud Storage Bucket owned by Buddy Network GmbH, an iOS app developer. The exposed data was attributed to one of the company’s projects, FlirtAI - Get Rizz & Dates, an app that intends to analyze screenshots that users provide, promising to suggest appropriate replies. Meanwhile, the app makers leaked over 160K screenshots from messaging apps and dating profiles, belonging to individuals that users of the AI wingman wanted assistance with. What makes it worse is that, according to the team, leaked data indicates that FlirtAI - Get Rizz & Dates was often used by teenagers, who fed the AI screenshots of their conversations with their peers. “Due to the nature of the app, people most affected by the leak may be unaware that screenshots of their conversations even exist, let alone that they could be leaked on the internet,” the team said. After the team noted the company and the relevant Computer Emergency Response Team (CERT), Buddy Network GmbH closed the exposed bucket. We have reached out to the company for a comment and will update the article once we receive a reply.
#cybernews#EN#2025#app#data-leak#iPhone#ios#screenshots#unprotected#exposed
·cybernews.com·
iPhone wingman app leaks 160K chat screenshots
Graphite Caught: First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted
Graphite Caught: First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted
On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advanced spyware. Among the group were two journalists who consented to the technical analysis of their cases. In this report, we discuss key findings from our forensic analyses of their devices. Our analysis finds forensic evidence confirming with high confidence that both a prominent European journalist (who requests anonymity), and Italian journalist Ciro Pellegrino, were targeted with Paragon’s Graphite mercenary spyware. We identify an indicator linking both cases to the same Paragon operator. * Apple confirms to us that the zero-click attack deployed in these cases was mitigated as of iOS 18.3.1 and has assigned the vulnerability CVE-2025-43200.
#citizenlab#EN#2025#Graphite#Paragon#iOS#Mercenary#Spyware#research
·citizenlab.ca·
Graphite Caught: First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted
iVerify Uncovers Evidence of Zero-Click Mobile Exploitation in the U.S.
iVerify Uncovers Evidence of Zero-Click Mobile Exploitation in the U.S.
Throughout late 2024 and early 2025, iVerify detected anomalous activity on iPhones belonging to individuals affiliated with political campaigns, media organizations, A.I. companies and governments operating in the United States and European Union. Specifically, we detected exceedingly rare crashes typically associated with sophisticated zero-click attacks via iMessage – an exploitation technique previously unobserved in any systematic way in the United States. Subsequent forensic examination of several of these devices ultimately revealed a previously unknown vulnerability in the “imagent” process which, owing to its relative position in the operating system and functionality, would provide attackers a primitive for further exploitation. This vulnerability was patched by Apple in iOS 18.3. We’ve dubbed this vulnerability NICKNAME. In the course of our investigation, we discovered evidence suggesting – but not definitively proving – this vulnerability was exploited in targeted attacks as recently as March of this year. Specifically, we learned that Apple sent Threat Notifications to at least one device belonging to a senior government official in the EU on which we saw the highly anomalous crashes. Likewise, one device demonstrated behavior frequently associated with successful exploitation, specifically the creation and deletion of iMessage attachments in bulk within a matter of seconds on several occasions after an anomalous crash. We only observed these crashes on devices belonging to extremely high value targets. And these crashes constituted only .0001% of the crash log telemetry taken from a sample of 50,000 iPhones.
#iverify#EN#2025#iPhones#spyware#iOS#zero-click#iMessage#vulnerability
·iverify.io·
iVerify Uncovers Evidence of Zero-Click Mobile Exploitation in the U.S.
Apple Patches Major Security Flaws in iOS, macOS Platforms
Apple Patches Major Security Flaws in iOS, macOS Platforms
Apple rolls out iOS and macOS platform updates to fix serious security bugs that could be triggered simply by opening an image or video file. Apple on Monday pushed out patches for security vulnerabilities across the macOS, iPhone and iPad software stack, warning that code-execution bugs that could be triggered simply by opening a rigged image, video or website. The new iOS 18.5 update, rolled out alongside patches for iPadOS, covers critical bugs in AppleJPEG and CoreMedia with a major warning from Cupertino that attackers could craft malicious media files to run arbitrary code with the privileges of the targeted app. The company also documented serious file-parsing vulnerabilities patched in CoreAudio, CoreGraphics, and ImageIO, each capable of crashing apps or leaking data if booby-trapped content is opened. The iOS 18.5 update also provides cover for at least 9 documented WebKit flaws, some serious enough to lead to exploits that allow a hostile website to execute code or crash the Safari browser engine. The company also patched a serious ‘mute-button’ flaw in FaceTime that exposes the audio conversation even after muting the microphone. Beneath the interface, Apple said iOS 18.5 hardens the kernel against two memory-corruption issues and cleans up a libexpat flaw (CVE-2024-8176) that affects a broad range of software projects. Other notable fixes include an issue in Baseband (CVE-2025-31214) that allows attackers in a privileged network position to intercept traffic on the new iPhone 16e line; a privilege escalation bug in mDNSResponder (CVE-2025-31222); an issue in Notes that expose data from a locked iPhone screen; and security gaps in FrontBoard, iCloud Document Sharing, and Mail Addressing.
#securityweek#EN#2025#Apple#macos#ios#update#file-parsing#vulnerabilities
·securityweek.com·
Apple Patches Major Security Flaws in iOS, macOS Platforms
Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability
Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability
A vulnerability in the Out-of-Band Access Point (AP) Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP image download interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges. Note: For exploitation to be successful, the Out-of-Band AP Image Download feature must be enabled on the device. It is not enabled by default. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC This advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.
#cisco.com#EN#2025#Cisco#IOS#XE#vulnerability#JWT#CVE-2025-20188
·sec.cloudapps.cisco.com·
Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability
TTP - Apple Offers Apps With Ties to Chinese Military
TTP - Apple Offers Apps With Ties to Chinese Military
Millions of Americans have downloaded apps that secretly route their internet traffic through Chinese companies, according to an investigation by the Tech Transparency Project (TTP), including several that were recently owned by a sanctioned firm with links to China’s military. TTP’s investigation found that one in five of the top 100 free virtual private networks in the U.S. App Store during 2024 were surreptitiously owned by Chinese companies, which are obliged to hand over their users’ browsing data to the Chinese government under the country’s national security laws. Several of the apps traced back to Qihoo 360, a firm declared by the Defense Department to be a “Chinese Military Company." Qihoo did not respond to questions about its app-related holdings.
#techtransparencyproject#EN#2025#Apple#Chinese#Military#VPN#ios#AppStore
·techtransparencyproject.org·
TTP - Apple Offers Apps With Ties to Chinese Military
LightSpy: Implant for iOS
LightSpy: Implant for iOS
ThreatFabric’s latest insights on LightSpy malware, targeting both iOS and macOS. Learn about the evolving tactics, new destructive features, and the importance of keeping devices updated to defend against these advanced cyber threats.
#threatfabric#EN#2024#LightSpy#iOS
·threatfabric.com·
LightSpy: Implant for iOS
Apple Rolls Out Security Updates for iOS, macOS
Apple Rolls Out Security Updates for iOS, macOS
Apple on Monday announced a hefty round of security updates that address dozens of vulnerabilities impacting both newer and older iOS and macOS devices. iOS 17.6 and iPadOS 17.6 were released for the latest generation iPhone and iPad devices with fixes for 35 security defects that could lead to authentication and policy bypasses, unexpected application termination or system shutdown, information disclosure, denial-of-service (DoS), and memory leaks.
#securityweek#EN#2024#macos#ios#ipados#Security#Updates#for#iOS#iOS17.6
·securityweek.com·
Apple Rolls Out Security Updates for iOS, macOS
Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications
Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications
  • E.V.A Information Security researchers uncovered several vulnerabilities in the CocoaPods dependency manager that allows any malicious actor to claim ownership over thousands of unclaimed pods and insert malicious code into many of the most popular iOS and MacOS applications. These vulnerabilities have since been patched. Such an attack on the mobile app ecosystem could infect almost every Apple device, leaving thousands of organizations vulnerable to catastrophic financial and reputational damage. One of the vulnerabilities could also enable zero day attacks against the most advanced and secure organizations’ infrastructure. Developers and DevOps teams that have used CocoaPods in recent years should verify the integrity of open source dependencies used in their application code. * Dependency managers are an often-overlooked aspect of software supply chain security. Security leaders should explore ways to increase governance and oversight over the use these tools.
#evasec#EN#2024#CocoaPods#Supply#Chain#Attacks#macOS#iOS#CVE-2024-38368
·evasec.io·
Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications
Chinese Keyboard App Vulnerabilities Explained
Chinese Keyboard App Vulnerabilities Explained
We analyzed third-party keyboard apps Tencent QQ, Baidu, and iFlytek, on the Android, iOS, and Windows platforms. Along with Tencent Sogou, they comprise over 95% of the market share for third-party keyboard apps in China. This is an FAQ for the full report titled "The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers."
#citizenlab#EN#2024#Chinese#Keyboard#App#Vulnerabilities#Tencent#Baidu#Android#iOS
·citizenlab.ca·
Chinese Keyboard App Vulnerabilities Explained
Gold Rush is back to APAC: Group-IB unveils first iOS trojan stealing your face
Gold Rush is back to APAC: Group-IB unveils first iOS trojan stealing your face
Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, has uncovered a new iOS Trojan designed to steal users’ facial recognition data, identity documents, and intercept SMS. The Trojan, dubbed GoldPickaxe.iOS by Group-IB’s Threat Intelligence unit, has been attributed to a Chinese-speaking threat actor codenamed GoldFactory, responsible for developing a suite of highly sophisticated banking Trojans that also includes the earlier discovered GoldDigger and newly identified GoldDiggerPlus, GoldKefu, and GoldPickaxe for Android. To exploit the stolen biometric data, the threat actor utilizes AI face-swapping services to create deepfakes by replacing their faces with those of the victims. This method could be used by cybercriminals to gain unauthorized access to the victim’s banking account – a new fraud technique, previously unseen by Group-IB researchers. The GoldFactory Trojans target the Asia-Pacific region, specifically — Thailand and Vietnam impersonating local banks and government organizations. Group-IB’s discovery also marks a rare instance of malware targeting Apple’s mobile operating system. The detailed technical description of the Trojans, analysis of their technical capabilities, and the list of relevant indicators of compromise can be found in Group-IB’s latest blog post.
#group-ib#EN#2024#research#faceid#stealer#iOS#trojan#GoldPickaxe.iOS
·group-ib.com·
Gold Rush is back to APAC: Group-IB unveils first iOS trojan stealing your face
smith (CVE-2023-32434)
smith (CVE-2023-32434)
This write-up presents an exploit for a vulnerability in the XNU kernel: Assigned CVE-2023-32434. Fixed in iOS 16.5.1 and macOS 13.4.1. Reachable from the WebContent sandbox and might have been actively exploited. *Note that this CVE fixed multiple integer overflows, so it is unclear whether or not the integer overflow used in my exploit was also used in-the-wild. Moreover, if it was, it might not have been exploited in the same way. The exploit has been successfully tested on: iOS 16.3, 16.3.1, 16.4 and 16.5 (iPhone 14 Pro Max) macOS 13.1 and 13.4 (MacBook Air M2 2022) All code snippets shown below are from xnu-8792.81.2.
#Poulin-Bélanger#EN#2023#exploit#analysis#vulnerability#github#macos#ios#CVE-2023-32434
·github.com·
smith (CVE-2023-32434)
Apple Confirms Governments Using Push Notifications to Surveil Users - MacRumors
Apple Confirms Governments Using Push Notifications to Surveil Users - MacRumors
Unidentified governments are surveilling smartphone users by tracking push notifications that move through Google's and Apple's servers, a US... In a letter to the Department of Justice, Senator Ron Wyden said foreign officials were demanding the data from the tech giants to track smartphones. The traffic flowing from apps that send push notifications put the companies "in a unique position to facilitate government surveillance of how users are using particular apps," Wyden said. He asked the Department of Justice to "repeal or modify any policies" that hindered public discussions of push notification spying.
#macrumors#EN#2023#privacy#iOS#iPhone#iPad#Apple#push#surveillance
·macrumors.com·
Apple Confirms Governments Using Push Notifications to Surveil Users - MacRumors
Spyware Targeting Against Serbian Civil Society - The Citizen Lab
Spyware Targeting Against Serbian Civil Society - The Citizen Lab
We confirm that two members of Serbian civil society were targeted with spyware earlier this year. Both have publicly criticized the Serbian government. We are not naming the individuals at this time by their request. The Citizen Lab’s technical analysis of forensic artifacts was conducted in support of an investigation led by Access Now in collaboration with the SHARE Foundation. Researchers from Amnesty International independently analyzed the cases and their conclusions match our findings.
#CitizenLab#EN#2023#Serbia#Pegasus#spyware#homekit#iOS
·citizenlab.ca·
Spyware Targeting Against Serbian Civil Society - The Citizen Lab