![]() On iOS 8.1.3 if you try to trigger a malicious update, the installation will fail and mobile_installation_proxy will return the following error message: This was addressed by preventing enterprise applications from overriding existing applications in specific scenarios. Impact: A malicious enterprise-signed application may be able to take control of the local container for applications already on a deviceĭescription: A vulnerability existed in the application installation process. What I thought was the most unexpected thing described in the MASQUE attack on iOS was the ability for an App with the same bundle ID, but signed by a different developer identity, to replace the original App already installed on the device when doing so, the evil App would then have access the original App’s private files!Īmong many other security vulnerabilities, Apple fixed this issue with the release of iOS 8.1.3:Īvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Updated Microsoft, Apple and Mozilla trust stores.Bug fixes for EC certificates, HSTS, XMPP and LDAP.Improved the formatting of the XML output to make it easier to parse and more useful this will break any tool that was processing the XML output from previous versions, but an XML Schema Definition is now available in SSLyze’s root folder.Added the -quiet option to hide any text output when using –xml_out.Added the -ca_file option for specifying a local trust store to validate the server’s certificate.Added support for Postgres StartTLS see -starttls=postgres.As always, it is pretty cool to see people getting involved! Full Changelog However, I’ve also generated an XML Schema Definition to help developers work with the XML output.Īs described in the changelog, additional new features were implemented, most of them coming from pull requests from various contributors including cjeanneret, arirubinstein, wolfgangkarall and bluec0re. As a consequence, the updated XML formatting will break any application that was processing XML results from the previous version. Most of the changes were toward making the XML output more consistent and easier to parse. As usual, pre-compiled packages available in the release section of the project’s page on GitHub. I just released a new version of SSLyze which brings new features and improvements.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |