Before I start describing details you have to know that this post is published on Responsible Disclosure terms. I sent full report with all the findings to DASAN on 24th October 2017. We have been talking about these vulnerabilities for a long time and one day they just stopped contacting me anymore (even when I warned them that I want to disclose this). Today is 26th April 2018, so it’s over half year after DASAN has been informed.
Not so long time ago I submitted my presentation proposal on CONFidence’s Call For Papers. CONFidence is one of the best European IT Sec conference that I love to attend due to very good presentations quality and hackish^H^H atmosphere ;-) This year I decided to actively attend as a speaker with my presentation about pentesting iOS apps using jailed iDevice. I sent my proposal and when I received the approval, I visited the conference’s website in order to check if I’m included in the speakers list for sure (in SecuRing it’s common to prank your colleagues like for instance sending emails from fake server, haha).
It’s March 2018 when I’m writing this post. From day to day, Apple’s security is improved - we have Kernel Patch Protection, Secure Enclave Processor (now even on macOS with Touch Bar), GateKeeper and many other security features. On the other hand, only in the last half of the year some trivial bugs were found that led to password disclosure. It’s seems like password leaks may be currently the most serious, from PR perspective, *OS problem.
What FreePlane is? FreePlane is an open-source application intended for creating mind maps. Vulnerability descripton: FreePlane is Java-based app that loads its mind maps that are stored as a simple XML files. The parser allowed to expand external entities that caused this vulnerability. Results: When victim opens maliciously crafted mind map, any accessible by Java file can be sent to the attacker. Proof of concept: Malicious mindmap: <map version="freeplane 1.