Welcome to NowSecure's weekly round-up of mobile security news that matters, in no particular order – the #MobSec5.
- Remember, iOS devs, Apple will stop accepting new apps or app updates for review beginning Tuesday, December 22 until Tuesday, December 29. During the break, consider exploring Apple's new open-source project: Swift. Apple claims Swift will help catch developer mistakes before apps go live.
- Both Android and iOS received updates last week. Android announced a security update for their Nexus devices that addresses 19 vulnerabilities. Apple released iOS 9.2 including patches for 50 vulnerabilities, and rumors are that Team Pangu may already have a jailbreak in the works.
- Speaking of that Android update, we wanted to congratulate Guang Gong (@oldfresher) for his discovery of the "write-what-where plus heap address leaking in OMX" vulnerability (CVE-2015-6626, PoC). We also appreciate his help reviewing a check for this vulnerability added to the Vulnerability Test Suite (VTS) for Android app. We hope other researchers will follow his example and contribute to the repository.
- And speaking of our VTS for Android app, since its launch people have made more than 340 commits to the repository. Enhancements include new checks, UI improvements (thanks @SandroEMachado!), and more. Thanks to all contributors and anyone who has anonymously shared their results (more than 2,000 entries so far). On Monday, Google removed VTS for Android from Google Play. We're currently working through the appeals process and will keep you updated on the NowSecure blog. In the meantime, tech-savvy users can download
- ICYMI: Last week, NowSecure's @trufae, @oleavr, @0xroot, and @pau all spoke at @NoConName in Barcelona. @trufae and @oleavr led attendees in a hack-a-thon using open-source tools Radare and Frida and discussed how the tools work together. Slides from their talk have been published here.
- BONUS ITEM: Many security researchers are motivated by protecting the public from vulnerable software. Unfortunately, not everyone appreciates such an honorable mission. Motherboard spoke to 18 researchers about always having to look over their shoulder.