Vulnerabilities In CocoaPods Open The Door To Supply Chain Attacks Against Thousands Of iOS And MacOS Applications
Bypassing iCloud Web Access Restriction
Mobile OAuth Attacks - iOS URL Scheme Hijacking Revamped
One Scheme to Rule Them All: OAuth Account Takeover
Securing our home labs: Home Assistant code review
Part 3: Learning iOS App Pentesting and Application Security with Real-World Case Studies
“Please do not make it public” - Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping
Using Browser Tools For Bug Hunting: An Interesting 0$ Write IDOR On Instagram
iOS App Pentesting and Security with Real-World Case Studies Part 2
Learning iOS App Pentesting and Security Part 1
DER Entitlements: The (Brief) Return of the Psychic Paper
Public Report – VPN by Google One Security Assessment
CVE-2022-32898: ANE_ProgramCreate() multiple kernel memory corruption
CVE-2022-32929 - Bypass iOS backup's TCC protection
A tale of a simple Apple kernel bug
SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri
Amazon Quickly Fixed A Vulnerability In Ring Android App That Could Expose Users’ Camera Recordings
Identity Confusion in WebView-based Mobile App-in-app Ecosystems
Exploiting vulnerabilities in iOS Application
Story about more than 3.5 million PII leakage in Yahoo!!!
Files.app Symbolic Link Following
Abusing Facebooks `Call To Action` To Launch Internal Deeplinks
Exploiting Request forgery on Mobile Applications.
Mistuned Part 1: Client-side XSS to Calculator and More
Apple Security Bounty: A personal experience