Ostorlab: Mobile App Security Testing for Android and iOS

Tag

vulnerability

Assessing the Large-Scale Exposure of CUPS Vulnerabilities: Chained CVEs Leading to Remote Code Execution

This article assesses the large-scale exposure of systems to multiple CVEs affecting the CUPS printing service, which can be chained together to achieve unauthenticated remote code execution (RCE). We provide an overview of how these vulnerabilities, including CVE-2024-47176, work in tandem, walking through the exploit flow. Additionally, we analyze how many systems are potentially vulnerable and highlight a unique behavior observed during testing.

Youssef Badaoui

Saad Mazouzi


            Wed 16 October 2024

Engineering

Threat Center v2: Staying Ahead of Vulnerabilities

The Threat Center provides essential updates for organizations to stay informed about security th...

Adnane Serrar


                  Thu 10 October 2024

Security

Ostorlab KEV update for 02 April 2024

New vulnerabilities added to Ostorlab known exploited vulnerabilities catalog

Ostorlab Team


                  Tue 02 April 2024

Security

Ostorlab KEV update for 11th March 2024

New vulnerabilities added to Ostorlab known exploited vulnerabilities catalog

Ostorlab Team


                  Mon 11 March 2024

Security

Ostorlab KEV update for 26th February 2024

New vulnerabilities added to Ostorlab known exploited vulnerabilities catalog

Ostorlab Team


                  Mon 26 February 2024

Security

ZIP Exploitation: Critical Vulnerabilities Found in Popular Zip Libraries in Swift and Flutter

Recent in-depth investigations reveal serious vulnerabilities discovered in widely-used zip packages in Flutter and Swift, posing serious security risks for thousands of developers and applications. Our article delves into the technical aspects of these vulnerabilities, explaining their discovery, implications and mitigation strategies.

Ostorlab Team


                  Fri 04 August 2023

Latest posts

Security

Ostorlab's Insecure Flutter Apps: A Playground for Learning and Testing Mobile Security

Ostorlab has open-sourced two Flutter applications, designed to be intentionally insecure for testing and educational purposes. The apps, one native to iOS and the other a Java/C++/Flutter app, highlight a variety of common mobile app vulnerabilities. Available under the Apache-2.0 license, they serve as practical resources for understanding Flutter security.

Ostorlab


                    Mon 10 July 2023

Engineering

Life of a Scan: how OXO's open-source vulnerability scanner works

This article talks about how OXO works under the hood.

Rabson Phiri


                    Tue 02 August 2022

Changelog

View all changes

2 of 2

vulnerability

Assessing the Large-Scale Exposure of CUPS Vulnerabilities: Chained CVEs Leading to Remote Code Execution

Threat Center v2: Staying Ahead of Vulnerabilities

Ostorlab KEV update for 02 April 2024

Ostorlab KEV update for 11th March 2024

Ostorlab KEV update for 26th February 2024

ZIP Exploitation: Critical Vulnerabilities Found in Popular Zip Libraries in Swift and Flutter

Latest posts

Ostorlab's Insecure Flutter Apps: A Playground for Learning and Testing Mobile Security

Life of a Scan: how OXO's open-source vulnerability scanner works

Changelog

Subscribe to the Ostorlab Newsletter