Now you can root using exploit Galaxy S9, Galaxy S9+ and Galaxy Note 9 if you’re running Android 8.0 or 8.1 Oreo.
https://www.xda-developers.com/samsung-galaxy-s9-galaxy-note-9-snapdragon-root/
https://www.xda-developers.com/samsung-galaxy-s9-galaxy-note-9-snapdragon-root/
XDA Developers
Developers have exploited the Samsung Galaxy S9 and Note 9 to get root access on the Snapdragon models
Developers have figured out how to root the Snapdragon models of the Samsung Galaxy S9 and Galaxy Note 9 thanks to an exploit, but there's a catch.
Analysis of native react Android applications
https://blog.assetnote.io/bug-bounty/2020/02/01/expanding-attack-surface-react-native/
https://blog.assetnote.io/bug-bounty/2020/02/01/expanding-attack-surface-react-native/
Fugu - is the first open source jailbreak tool based on the checkm8 exploit #iOS
https://github.com/LinusHenze/Fugu
https://github.com/LinusHenze/Fugu
GitHub
GitHub - LinusHenze/Fugu: Fugu is the first open source jailbreak based on the checkm8 exploit
Fugu is the first open source jailbreak based on the checkm8 exploit - LinusHenze/Fugu
Exploiting Insecure Firebase Database in Android apps
https://blog.securitybreached.org/2020/02/04/exploiting-insecure-firebase-database-bugbounty/
https://blog.securitybreached.org/2020/02/04/exploiting-insecure-firebase-database-bugbounty/
Security Breached Blog
Exploiting Insecure Firebase Database! - Security Breached Blog
this blog post is about Exploiting Insecure Firebase Databases, due to Improper set security rules one can write data to the database in certain conditions here’s a Short POC tutorial of the issue.
In the case you prefer Android InfoSec news rather on Facebook, we are there.
It is better for posting visuals and videos.
Feel free to like us https://facebook.com/AndroidInfoSec/
It is better for posting visuals and videos.
Feel free to like us https://facebook.com/AndroidInfoSec/
Android Banking Malware #slides
https://maxkersten.nl/wp-content/uploads/2020/02/SecureID_AndroidBankingMalware_ENG.pdf
https://maxkersten.nl/wp-content/uploads/2020/02/SecureID_AndroidBankingMalware_ENG.pdf
Analyzing iOS WhatsApp Calls
Analysis of the network traffic + binary files + runtime behavior
https://link.medium.com/yi4uD2Q1P3
Analysis of the network traffic + binary files + runtime behavior
https://link.medium.com/yi4uD2Q1P3
Medium
Analyzing WhatsApp Calls
How I revealed parts of the VoIP protocol with Wireshark, radare2 and Frida.
Overview of mobile malware detected in December 2019 by Doctor Web
https://news.drweb.com/show/review/?i=13641&lng=en
https://news.drweb.com/show/review/?i=13641&lng=en
Dr.Web
Dr.Web — Doctor Web’s overview of malware detected on mobile devices in December 2019
Find out on Doctor Web’s site about the latest virus threats and information security issues.
MadDroid: Detecting Devious Ad Contents for Android Apps
https://arxiv.org/pdf/2002.01656.pdf
https://arxiv.org/pdf/2002.01656.pdf
Android Apps on Google Play Communicate with Trojans that Install Malware, Perform Mobile Ad Fraud
https://blog.trendmicro.com/trendlabs-security-intelligence/malicious-apps-on-google-play-communicate-with-trojans-install-malware-perform-mobile-ad-fraud/
https://blog.trendmicro.com/trendlabs-security-intelligence/malicious-apps-on-google-play-communicate-with-trojans-install-malware-perform-mobile-ad-fraud/
Trend Micro
Fake Android Apps Communicate For Malware, Ad Fraud
We found several malicious optimizer, booster, and utility apps capable of accessing remote ad configuration servers that can be used for malicious purposes, perform mobile ad fraud, and download as many as 3,000 malware variants or payloads.
Anubis Banking Trojan still spreads via email as fake invoice
https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/
https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/
Cofense
Anubis Targets 250 Android Apps with Ransomware | Cofense
Infostealer keylogger/ransomware, OneAnubis, targets 250 Android applications - Stay informed about Android app vulnerabilities and OneAnubis malware.
Bluetooth Vulnerability in Android (CVE-2020-0022)
Bug allows an attacker to execute arbitrary code with the privileges of the Bluetooth daemon
https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/
Bug allows an attacker to execute arbitrary code with the privileges of the Bluetooth daemon
https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/
Forwarded from The Bug Bounty Hunter
Android: How to Bypass Root Check and Certificate Pinning
https://medium.com/@cintainfinita/android-how-to-bypass-root-check-and-certificate-pinning-36f74842d3be
https://medium.com/@cintainfinita/android-how-to-bypass-root-check-and-certificate-pinning-36f74842d3be
Medium
Android: How to Bypass Root Check and Certificate Pinning
Recently I needed to pentest an Android application. When I installed the app in my virtual device (Android Emulator), a pop up…
👍1
iOS exploit development series:
Part 1: Heap Exploit Development:
https://azeria-labs.com/heap-exploit-development-part-1/
Part 2: Heap Overflows and the iOS Kernel Heap
https://azeria-labs.com/heap-overflows-and-the-ios-kernel-heap/
Part 3: Grooming the iOS Kernel Heap
https://azeria-labs.com/grooming-the-ios-kernel-heap/
Part 1: Heap Exploit Development:
https://azeria-labs.com/heap-exploit-development-part-1/
Part 2: Heap Overflows and the iOS Kernel Heap
https://azeria-labs.com/heap-overflows-and-the-ios-kernel-heap/
Part 3: Grooming the iOS Kernel Heap
https://azeria-labs.com/grooming-the-ios-kernel-heap/
Azeria-Labs
Heap Exploit Development
Elector app leaked personal information – ID, full name, address, and phone – of almost 6.5 million Israelis with voting rights
https://securityaffairs.co/wordpress/97603/data-breach/elector-app-israel-data-leak.html
https://securityaffairs.co/wordpress/97603/data-breach/elector-app-israel-data-leak.html
Security Affairs
Netanyahu's party Elector app exposes data on over 6.5M Israelis
A misconfiguration in an election day app developed by Likud, the Netanyahu's party might have exposed data on over 6.5 million Israelis.
rvi_capture
A utility to create packet capture dumps from iOS devices (for debugging network activity via Wireshark)
https://github.com/gh2o/rvi_capture
A utility to create packet capture dumps from iOS devices (for debugging network activity via Wireshark)
https://github.com/gh2o/rvi_capture
GitHub
GitHub - gh2o/rvi_capture: rvictl for Linux and Windows: capture packets sent/received by iOS devices
rvictl for Linux and Windows: capture packets sent/received by iOS devices - gh2o/rvi_capture
Overview of mobile malware detected in January 2020 by Doctor Web
https://news.drweb.com/show/?i=13669&lng=en
https://news.drweb.com/show/?i=13669&lng=en
Dr.Web
Dr.Web — Doctor Web’s January 2020 overview of malware detected on mobile devices
Find out on Doctor Web’s site about the latest virus threats and information security issues.