Samsung Galaxy Apps MITM Vulnerabilities


The Samsung “Galaxy Apps” application installed on every recent Samsung device, a parallel store application with both apps for Samsung smartphones and smart watches, is vulnerable to MITM attacks which could cause user information leaks, permissions dialog bypass and session hijacking.

Affected Products

Samsung Galaxy Apps <= 4.1.01-14


galaxy apps

Read More

OSX Mass Pwning Using BetterCap and the Sparkle Updater Vulnerability.



bettercap

Yesterday Radek from VulnSec posted an interesting article named “There’s a lot of vulnerable OS X applications out there.“, he discovered that the Sparkle update system ( used by some very popular OSX apps such as VLC, Adium, iTerm and so forth ) uses HTTP instead of HTTPS to fetch updates informations for such applications, making all of them vulnerable to man in the middle attacks and, as he shown, remote command execution attacks.

I’m not going to explain the details of his attack, his post is quite self explainatory, but I’ll show you how easy it is to mass pwn OSX machines on your network using the new OSX Sparkle bettercap proxy module.

Read More