A researcher published the decryption key for the iOS Secure Enclave Processor, exposing a critical new risk within the iOS operating system. We’ve verified this information and explained its impact.
Because organizations need visibility into the security status of public app store apps, we’ve extended the NowSecure Platform to provide “AlwaysOn” mobile app vetting for third-party mobile apps with our new NowSecure Intelligence™ product.
Implementing certificate pinning in mobile apps that handle highly sensitive data provides too much benefit to be passed over. Users can be tricked into installing a malicious self-signed certificate on a mobile device, setting the stage for a man-in-the-middle attack. In those situations, certificate pinning can still prevent the interception of an app’s network traffic.
In this post I explain step-by-step how I solved the OWASP Mobile Security Testing Guide (MSTG) Crackme Level 1 using Frida (and how I then automated it).
Eighty percent of the top free iOS apps don’t support App Transport Security – does yours? Don’t delay. Protect your business and users. Read on for tips on how to transition to ATS support.
An attacker can exploit iOS WebViews to make automatic calls to an attacker-controlled phone number or FaceTime address. Our research has found that FaceTime URL (facetime://) handlers are frequently overlooked in iOS applications. The oversight allows an attacker to potentially capture a video or snapshot of the affected user by directing them to a webpage from within a vulnerable WebView.