Published Vulnerabilities

Fri 17 Jul

Apple App Store and iTunes Store - Filter Bypass & Persistent Invoice Web Vulnerability

Apple iTunes & AppStore - (Invoice) Persistent Input Validation & Mail Encoding Web Vulnerability

An application-side input validation web vulnerability has been discovered in the official Apple App Store and iTunes Store online-service web application. Vulnerability-Lab founder and researcher Benjamin Kunz-Mejri discovered a vulnerability that allows remote attackers to inject their own malicious script code into the application side of the vulnerable context function or service module. The vulnerability was reported to the Apple Security team on June 9, 2015, and they accepted it via mail response on June 29, 2015. Since then there has been only a brief conversation about the issue, and Apple has not fully replied to the status mails.

Wed 20 May

Eisbär SCADA - Persistent Software Vulnerability in Visualization Software

Today, security researchers of the Vulnerability Laboratory team disclosed an application-side vulnerability in the SCADA Eisbär software. EisBär KNX is a modern, affordable software for visualization and automation of intelligent buildings or machinery.

The researcher set up a secure environment in our company in which SCADA-controlled functions could be executed from an Android, iOS and Windows mobile device. Through this implementation we discovered that the server configuration input poses a common security risk.
