Apple iOS Activation Flaw Enables Injection of Unauthenticated XML Payloads
Posted: Wed Jun 04, 2025 4:11 am
A severe vulnerability in Appleās iOS activation infrastructure has been uncovered, posing a significant risk to device security during the setup phase.
This flaw, identified in the iOS Activation Backend at the endpoint https://humb.apple.com/humbug/baa, allows attackers to inject unauthenticated XML .plist payloads without any form of sender verification or signature validation.
https://gbhackers.com/apple-ios-activat ... injection/
This flaw, identified in the iOS Activation Backend at the endpoint https://humb.apple.com/humbug/baa, allows attackers to inject unauthenticated XML .plist payloads without any form of sender verification or signature validation.
https://gbhackers.com/apple-ios-activat ... injection/