Posts in "Mobile Security"

WhatsApp Buffer Overflow Vulnerability: Under the Scope

Researcher: Chilik Tamir (@_coreDump)
Recently, Zimperium blogged about the new WhatsApp vulnerability disclosed by Facebook on May 13th. This vulnerability was reportedly exploited in the wild, and it was designated as CVE-2019-3568. A previous post by Zimperium gave some preliminary information about the vulnerability, impacted WhatsApp products, an alleged exploit and how Zimperium could …

5 Must-Have Sections For Every Enterprise Mobile Security RFP – Must-Have #1: Advanced, Purpose-Built Threat Detection

Our first free webinar in our series of “The 5 Must-Have Sections for Every Enterprise Mobile Security Request For Proposal (RFP)” deals with Advanced, Purpose-Built Threat Detection, and took place on June 19, 2019. Mobile operating systems (OSs) are fundamentally different from other endpoint OSs. The reality is, mobile devices are now the de facto platform for productivity …

CVE-2019-8545: Vulnerability in IOHIDFamily.kext

Summary: A local user may be able to cause unexpected system termination or read kernel memory.
Details: In the function IOHIDEventServiceFastPathUserClient::getSharedMemorySize, the ClientObject (offset 0xE0 of the user client) is given to a function which assumes it is initialised (it should be initialised via external method 0, IOHIDEventServiceFastPathUserClient::_open). Calling IOConnectMapMemory64 without calling _open (or …