Recently the Pure Hacking technical team completed a regular skills update session on iPhone application security with a company that is a world leader in identifying mobile application vulnerabilities. Most mobile application vulnerabilities occur when developers either insecurely store sensitive information in the application or rely on client-side controls to enforce server security. With 1,000,000 apps in the App Store today, this has serious repercussions for naive consumers.
I recently had to go in to bat for a client who was told by their PCI auditor that they would fail PCI and, as a result, have to notify all their clients that they were not PCI compliant. The reason they failed was that the ASV's scanning engine, Nessus, picked up an F5 internal IP address disclosure vulnerability.
About a month ago I was chatting on Skype to a colleague about a payload for one of our clients. Completely by accident, my payload executed in my colleague's Skype client.
I decided to investigate a little further and found that the Windows and Linux clients were not vulnerable. It was only the Mac Skype client that seemed to be affected. So I decided to test another Mac and sent the payload to my girlfriend. She wasn't too happy with me, as it also left her Skype unusable for several days.