MITRE Adds Appthority as CVE Numbering Authority (CNA)

On Sep 7, 2018, MITRE announced that Appthority has joined 89 other organizations as a CVE Numbering Authority (CNA). Appthority is the first CNA that is focused on enterprise mobile threat research, and we’re proud of this designation. We look f… Continue reading MITRE Adds Appthority as CVE Numbering Authority (CNA)

Appthority Discovers Thousands of Apps with Firebase Vulnerability Exposing Sensitive Data

Appthority has discovered a significant mobile data vulnerability related to Google Firebase which has resulted in the exposure of a wide range and large amounts of sensitive data through thousands of mobile apps. The exposure is not due to malicious c… Continue reading Appthority Discovers Thousands of Apps with Firebase Vulnerability Exposing Sensitive Data

ZipperDown: Remote Code Execution Attack on iOS Apps

On May 15, 2018, Pangu Lab announced the ZipperDown vulnerability, which allows a remote code execution attack on iOS apps. Although Pangu Lab did not disclose the details of the ZipperDown vulnerability, we can infer from its researcher’s public… Continue reading ZipperDown: Remote Code Execution Attack on iOS Apps

RSA App Exposes User Data Due to Common Developer Mistake

Late last week security researchers found the RSA security conference exposing conference attendee data via vulnerabilities in its mobile app. Because a 3rd party developer had hard coded data – including security keys and passwords – in th… Continue reading RSA App Exposes User Data Due to Common Developer Mistake