Oct 18 2021

Experts hacked a fully patched iOS 15 running on iPhone 13 at China’s Tianfu Cup hacking contest

Category: Hacking,Smart PhoneDISC @ 9:21 am

White hat hackers earned $1.88 million at the Tianfu Cup hacking contest by finding vulnerabilities in popular software.

The Tianfu Cup is the most important hacking contest held in China, this year white hat hackers earned $1.88 Million demonstrating vulnerabilities in popular software.

The edition of this year took place on October 16 and 17 in the city of Chengdu, participants had three attempts of 5 minutes to demonstrate their exploits.

The winner is the security firm Kunlun Lab who earned $654,500, below the tweet of the amazing expert @mj0011 CEO of Cyber-Kunlun & Kunlun Lab and former CTO of Qihoo 360 and founder of team 360Vulcan.

Tags: China’s Tianfu, ios 15, iPhone 13

Sep 29 2021

Expert discloses new iPhone lock screen vulnerability in iOS 15

Category: Security vulnerabilities,Smart PhoneDISC @ 2:12 pm

The security researcher Jose Rodriguez discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet to be fixed.

The security researcher Jose Rodriguez (@VBarraquito) discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet to be addressed by Apple. A threat actor with physical access to a vulnerable device can access Notes via Siri/Voice Over.

Rodriguez explained that in real incidents, unattended or stolen devices with a lock screen bypass vulnerability are exposed to attacks that could leverage a lock screen vulnerability to access sensitive information.

This specific type of vulnerability represents a serious threat to individuals and organizations, for this reason, the expert suggests including their research when conducting a mobile pen-testing assessment.

The expert disclosed details about the lock screen bypass vulnerability after Apple downplayed similar flaws, tracked as CVE-2021-1835 and CVE-2021-30699, reported by the researcher earlier this year.

The flaws allowed an attacker to access instant messaging apps like WhatsApp or Telegram even while the mobile device was locked.

Rodriguez explained that Apple partially fixed the issue and did not involve him in the test of the released patch.

Then the expert proposed a variant of the same bypass issue that leverages Apple Siri and VoiceOver services to access the Notes app.

The expert also published a video PoC for the latest screen bypass vulnerability:

Let me suggest reading a post published by the expert that includes a long list of similar vulnerabilities:


The iPhone Manual – Tips and Hacks

Tags: ios 15, iPhone Hacks, iPhone lock screen vulnerability, iPhone manual, iPhone tips