The purpose of this post is to explain how automated mobile app security testing on the most recent versions of iOS on Apple standard production devices is now possible, with Jailed Testing, via NowSecure Gadget technology on NowSecure Workstation.
As with all things mobile, there are both secure and insecure ways of downloading and using zipped content. Back in 2014, NowSecure identified and properly disclosed zip file download and remote code execution (RCE) vulnerabilities on Android for Samsung and Vungle. Now Pangu has posted about iOS zipfile download issues identified as ZipperDown.
A series of mobile apps built by or connecting with STRAVA have been sharing and publishing activity by geolocation – including what should be highly confidential information about U.S. personnel and military staff locations. Get recommendations on how to protect your organization and staff from risks like STRAVA data collection and sharing.
Key reinstallation attacks (KRACK) put Wi-Fi security, mobile devices & mobile apps at risk. Learn what you need to do to protect your enterprise.
AccuWeather recently received a public flogging for their mobile app’s privacy practices. Read a quick summary of the incident with a few lessons on critical mobile app security best practices.
I’ve recently noticed a spike in questions from our customers — and specifically security analysts — about App Transport Security (ATS), or NSAppTransportSecurity, for iOS apps. ATS is a critical security practice for our customers in financial services and other regulated industries. A lot of ATS documentation already exists, but questions persist. A core part