Full disclosure: 0day vulnerability (backdoor) in firmware for Xiaongmai-based DVRs, NVRs and IP cameras

Information Security, Cryptography, IT Infrastructure, Reverse engineering, Video equipment

This is a full disclosure of a recent backdoor integrated into DVR/NVR devices built on top of HiSilicon SoC with Xiaongmai firmware. The described vulnerability allows an attacker to gain root shell access and full control of the device. The full disclosure format was chosen for this report due to a lack of trust in the vendor. Proof of concept code is presented below.
Total votes 19: ↑18 and ↓1 +17
Views 72K
Comments 15

Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program

Information Security, Development for iOS, Development of mobile applications, Reverse engineering
Translation

I want to share my frustrating experience participating in the Apple Security Bounty program. I've reported four 0-day vulnerabilities this year between March 10 and May 4. As of now, three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it up and not list it on the security content page. When I confronted them, they apologized, assured me it happened due to a processing issue and promised to list it on the security content page of the next update. There were three releases since then and they broke their promise each time.

Read more to learn the specifics of 0-day vulnerabilities.

Total votes 59: ↑59 and ↓0 +59
Views 141K
Comments 8

An article in which I disclose three 0-day vulnerabilities in iOS and criticize Apple's bug bounty program

Information Security, Development for iOS, Development of mobile applications, Reverse engineering

All of the vulnerabilities belong to the Information Disclosure class, namely App Store apps obtaining sensitive information without requesting permission from the user, or bypassing the sandbox and obtaining information that apps should not have access to at all. I have uploaded to GitHub the code of the apps that I sent to Apple to demonstrate the vulnerabilities. You can run it on your own devices and take a look; the apps only retrieve data and display it in the UI.

Anyone interested in reading more about these vulnerabilities, as well as about the Apple Security Bounty Program, is welcome to continue below the cut.
Total votes 244: ↑244 and ↓0 +244
Views 43K
Comments 46