Mirmay Private Browser on iPad auto lock authentication bypass

Channel:

Subscribers:

3,350

Published on February 1, 2018 7:11:48 AM ● Video Link: https://www.youtube.com/watch?v=cd6nbos-BI0

Duration: 0:40

628 views

A vulnerability classified as problematic has been found in Mirmay Secure Private Browser & File Manager up to 2.5 on iPad. Affected is the component Auto Lock. The manipulation with a special sequence of UI input leads to a weak authentication vulnerability. CWE is classifying the issue as CWE-287. This is going to have an impact on confidentiality.

The bug was discovered 08/31/2017 by Marc Ruef with scip AG as confirmed video (Youtube). The exploitability is told to be easy. The attack needs to be approached locally. The successful exploitation needs a single authentication.

More details:

Blog
[en] https://www.scip.ch/en/?labs.20180201
[de] https://www.scip.ch/?labs.20180201

VulDB
[en] https://vuldb.com/?id.106056
[de] https://vuldb.com/de/?id.106056
[es] https://vuldb.com/es/?id.106056
[fr] https://vuldb.com/fr/?id.106056
[it] https://vuldb.com/it/?id.106056
[pl] https://vuldb.com/pl/?id.106056
[sv] https://vuldb.com/sv/?id.106056

Other Videos By Marc Ruef

2018-07-24	Super Mario Run (iPhone) - World Tour 1-1 Complete (Up and Over)
2018-07-23	Akinator (iPhone) - Donald Trump
2018-07-23	Looney Tunes Dash! (iPhone) - Level 1-7 Complete (Wabbit Season)
2018-07-23	Looney Tunes Dash! (iPhone) - Level 1-6 Complete (Wabbit Season)
2018-07-23	Looney Tunes Dash! (iPhone) - Level 1-5 Complete (Wabbit Season)
2018-07-23	Looney Tunes Dash! (iPhone) - Level 1-4 Complete (Wabbit Season)
2018-07-23	Looney Tunes Dash! (iPhone) - Level 1-3 Complete (Wabbit Season)
2018-07-23	Looney Tunes Dash! (iPhone) - Level 1-2 Complete (Wabbit Season)
2018-07-23	Looney Tunes Dash! (iPhone) - Level 1-1 Complete (Wabbit Season)
2018-07-23	Crazy Taxi Gazillionaire (iPhone) - Buying Last Taxi
2018-02-01	Mirmay Private Browser on iPad auto lock authentication bypass
2017-05-01	Lego Worlds (PS4) - Glitch
2017-03-18	Horizon Zero Dawn (PS4) - Tallneck Hijacking
2016-08-12	No Man's Sky (PS4) - Weird Pyramid
2016-06-14	Fallout 4 (PS4) - The End of the Institute
2016-06-13	Fallout 4 (PS4) - War Never Changes (Outro)
2016-06-13	Fallout 4 (PS4) - The End of The Brotherhood
2014-08-01	Smart TV gesture inception attack
2014-01-08	Backdoor Inside/Out Test Demo
2013-05-12	Talk Talk Talk - Punch to the Face
2012-06-03	Cybersecurity und Cybercrime (Welt der Wunder, RTL2)

Tags:

Mirmay

Private Browser

iPad

Vulnerability

Security Issue

Authentication

Exploit

iOS