A severe vulnerability in Apple’s iOS activation infrastructure has been uncovered, posing a significant risk to device security during the setup phase.
This flaw, identified in the iOS Activation Backend at the endpoint https://humb.apple.com/humbug/baa, allows attackers to inject unauthenticated XML .plist payloads without any form of sender verification or signature validation.
https://gbhackers.com/apple-ios-activat ... injection/