The first to fall was Adobe Reader in the enterprise applications category after Haboob SA's Abdul Aziz Hariri (@abdhariri) used an exploit chain targeting a 6-bug logic chain abusing multiple failed patches which escaped the sandbox and bypassed a banned API list on macOS to earn $50,000. After zero-day vulnerabilities are demoed and disclosed during Pwn2Own, vendors have 90 days to create and release security fixes for all reported flaws before Trend Micro's Zero Day Initiative publicly discloses them. Sandboxes are not the be-all and end-all. This is macOS and not iOS, but the point stands. Windows 11, Tesla, Ubuntu, and macOS hacked at Pwn2Own 2023 Also, finding exploits can be quite lucrative. Synacktiv (@Synacktiv) took home $100,000 and a Tesla Model 3 after successfully executing a TOCTOU (time-of-check to time-of-use) attack against the Tesla – Gateway in the Automotive category. They also used a TOCTOU zero-day vulnerability to escalate privileges on Apple macOS and earned $40,000.
Your point is well taken, but CamScanner is a very common software. Everyone in my org uses it, my wife uses it with her clients and it's the go-to for my kids' school work. It lets you take a pic of a physical doc with your phone and converts the photo to a pdf instantly so you can print, share or send it. I'm an Android guy phone wise (have a couple MacBooks and iPads though) and will look deeper at the malware issue. That's sorta shocking. CS is likely the best known app of its kind. (100m users)
I would use something different, but that's just me. The article is dated, so it could be legit now, but it just gives me a bad feeling. I've never needed an app like this, but if I did, I would use one of the alternatives listed in the article.
Cam Scanner was sort of the pioneer piece in this niche. So simple and versatile. Definitely going to look deeper. May have to get my whole staff to switch. Thanks for the link.
Pegasus back in the news. https://www.washingtonpost.com/national-security/2023/03/27/spyware-diplomats-us-pegasus/ IIRC, NSO Group only sold to governments. If so, these tools were compromised or some other government targeted US government employees. Oof.
This *poster* posted 4 posts in different old threads in 3 minutes https://www.gatorcountry.com/swampgas/search/1305691399/
You are statistically safer using your phone for such things than you are using your physical plastic card at retail. And let's not even talk about the old days when there were carbon copies. The kid at Starbucks snaps a pic of your card while you wait for your latte ...and then goes on a spree. Using your phone encrypts your info and requires your fingerprint/facial rec to even use it and then NONE of your financial info is available to the retailer.