lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <51242DB4.7030407@vulnerability-lab.com>
Date: Wed, 20 Feb 2013 02:58:12 +0100
From: Vulnerability Lab <research@...nerability-lab.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Apple iOS v6.1 (10B143) - Code Lock Bypass
	Vulnerability #2

Hey Kirils Solovjovs,
the secound issue is different to the once reported some days ago to
heise online.
The heise online issue (reported by another person) for example allows
with pressed button (only) to handle some of the functions like calls,
voicemail, contacts like you see in the video.

The secound issue allows you to bypass the code lock by using the
screenshot function which results in a blackscreen with the blue
standard template status bar. Attackers do not need to hold any button
or call
the emergency itself to bypass the login.

So why should i report an issue of another researcher? The combo to use
it and the reproduce is totally different.  I do not know him and
decided to drop my bug also after waiting 4 month. His issue was
reported 1 year ago and i like + respect it. Thats all. ;) After
Jerookie flamed around we also droped a message on twitter to make sure
both issues are different. It is the same bullshit he did when we
released the skype bug and msrc confirmed we have a seperate one. Thats
all ~bye

-- 
VULNERABILITY RESEARCH LABORATORY
LABORATORY RESEARCH TEAM
CONTACT: research@...nerability-lab.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ