Classic iOS iPad Exploit

resources reporting iPad vulnerability

Especially interesting because of this FAILURE of the most basic QA principle, limit testing (and its corollary, “buffer limit testing”), many years after Apple achieved titan status.

~~~~~vulnerability.com~~~~~

https://www.vulnerability-lab.com/get_content.php?id=2018

Document Title: 
=============== 
Apple iOS v10.1.1 - Access Permission via Buffer Overflow   

References: 
=========== 
https://www.vulnerability-lab.com/get_content.php?id=2018
Video: https://www.youtube.com/watch?v=yygvBJBFy4s

Reference: 
http://www.hemanthjoseph.com/2016/11/how-i-bypassed-apples-most-secure-find.html

Release Date:
=============
2016-12-01


Vulnerability Laboratory ID (VL-ID):
==================================
2018

buffer overflow vulnerability in iPad 2016
~~~~

How security flaws work: The buffer overflow | Ars Technica

~~~~~ ars technica ~~~~~

Apple’s Activation Lock feature, introduced in iOS 7 in 2013, deters thieves by associating your iPhone and iPad with your Apple ID. Even if a thief steals your device, puts it into Recovery Mode, and completely resets it, the phone or tablet won’t work without the original user’s Apple ID and password. This makes stolen iDevices less valuable since they become more difficult to resell, and it has significantly reduced iPhone theft in major cities.

The feature has been difficult to crack, but a new exploit disclosed by Vulnerability Lab security analyst Benjamin Kunz Mejri uses a buffer overflow exploit and some iPad-specific bugs to bypass Activation Lock in iOS 10.1.1. 
