17 posts tagged with "Desktop Appliance Deployments"

iOS 18 is now available

We're excited to announce the support of iOS 18.0 build 22A3354!

MATRIX Improvements

We made a series of improvements to MATRIX!

  • Added 2 new iOS checks:

    • Application Utilizes Certificate Pinning Protections
    • Application Utilizes an Insecure Nanopb Library
  • Added 1 new artifact for both iOS & Android

    • Geolocation
  • Reconstituted 2 previous Android checks as artifacts:

    • Application Contains Hardcoded URL
    • Application Utilizes Intents Vulnerable to Redirection
  • Lots of bugfixes and other miscellaneous improvements.

MATRIX Improvements

MATRIX

In 6.5, we made a stack of iterative improvements to our MATRIX feature!

  • Added support for downloading JSON to History page
  • Added tooltips to report statuses
  • Added pagination to improve UI
  • 2 new Android checks
  • 5 new iOS checks
  • Improved check outputs
  • Lots of bugfixes and improvements

Enhanced Plan Offerings

We have enhanced our plan offerings to better align with our customers’ budgets, feature requirements, and environment needs. We now provide a diverse range of plan levels, ensuring that our customers can find options that meet both their financial and operational needs.

Explore our new plans:

Added iBoot / SEP support for iPhone XR 15.2

This release provides iBoot and SEP support for iPhone XR 15.2 for customers with a Premium license.

iBoot support for iPhone XR 15.2

SEP support for iPhone XR 15.2

This version requires you to install Corellium 6.4.0 first.

iOS 18 Beta Support

Customers with Premium licenses can now run both jailbroken and non-jailbroken iOS 18 beta firmwares (build 22A5307).

Known Issues: The beta firmware may occasionally cause devices to panic. If a panic occurs during the initial boot process, recreate the device. If it happens after the device has booted to the home screen, try restarting the device.

Bug Fixes

We have improved the reliability and user interface through various bug fixes.

This version requires you to install Corellium 6.4.0 first.

LDAP Authentication

Corellium is happy to announce that we now support LDAP as an addition to our SSO offerings.

For more information about how to configure LDAP please see our documentation.

MATRIX Improvements

MATRIX is no longer in Beta. Interested in adding MATRIX to your account? Please contact your Corellium representative.

MATRIX additions and improvements just keep coming. Here are some things you can look forward to in this release.

The Introduction of Artifacts

Artifacts are a new type of content in MATRIX reports! They are informational items pulled from the target app, such as application databases, keychain dumps, and Plist files. These artifacts display in the MATRIX report as a file path or code block, so users can investigate them further. Users can also download them in HTML and JSON file formats.

This release will include six artifacts for iOS devices only.

  • Application Code Sizing
  • Keychain Dump
  • Application Databases
  • Application Certificates
  • Plist Files
  • Background Modes

Artifacts for Android devices are coming soon!

If a user wants to investigate an artifact further, they can copy/paste the resulting info into a new keyword file and run another MATRIX test!

Artifact Summary: When a user views the interactive MATRIX report, specifically the summary of Results at the top, they will see an "artifact" counter.

Auto-Select Uploaded App

Previously, after a user uploaded a target app via MATRIX, they had to manually search for and select it before starting their test. That meant extra steps and potential confusion. Now, whichever app they upload will auto-select.

Corellium Version vs. App Version

Previously, we only showed the Corellium version on the JSON and HTML reports. This meant UI users needed to dig around to learn what version of MATRIX they had run the target app against. Now, we show Corellium Version in the UI on both the History page and Interactive Report. We also clarify App Version and Corellium Version.

Error Messaging Improvements

We now display error messages for checks in the UI. Users no longer have to go to the HTML or JSON downloads to view these errors.

CLI / API

We continued to roll out improvements to our CLI and API, creating a more robust and coherent experience for end users.

New Android Checks

Category   Name
Auth       Insecure Biometric Implementation
Crypto     Insecure Random Number Generation
Platform   Application is Vulnerable to Overlay Attacks
Network    Insecure Security Provider
Network    Insecure TLS Configuration
Network    Cookie Missing httpOnly Flag
Network    Cookie Missing secure Flag

New iOS Checks

Category   Name
Network    HTTPS Traffic URL Contains Device's GPS Latitude
Network    HTTPS Traffic URL Contains Device's GPS Longitude
Network    HTTPS Traffic URL Contains Device IMEI
Network    HTTPS Traffic URL Contains Sensitive Data
Network    HTTPS Traffic URL Contains WiFi MAC Address
Network    HTTP Cleartext Transmission of Advertiser ID
Network    Cookie Missing httpOnly Flag
Network    Cookie Missing secure Flag
Storage    Local Data Exposure: Advertiser ID Stored Insecurely
Storage    Local Data Exposure: Advertiser ID Logged Insecurely

Bug Fixes

We ended our MATRIX improvements with an amazing "bug bash." We dedicated significant effort to making MATRIX even more reliable, from the individual checks to the overall application itself.

  • Fixed completed MATRIX tests that were stuck in awaiting testing
  • Fixed inconsistencies in MATRIX results across various Android firmware versions.

MATRIX Improvements

We've been working hard on making MATRIX more powerful, robust, and interactive. Here are some things you can look forward to in this release.

More Checks

This release includes 14 new Android checks and 5 new iOS checks, primarily focused on finding sensitive values in HTTPS traffic, application signing vulnerabilities, various app protections, and the keychain. For a complete list of new checks, view our Support docs tests checks.

Regex Support for Keywords

You asked, and we listened. You can now use a regular expression syntax in your keywords file for pattern-matching static data. For example, instead of searching for variants of these patterns:

1234-1234

1234-5678

1234-0000

1234-xxxx

You can add a line item of regex(/1234-/).

Other MATRIX Updates

We also added the ability to view MATRIX reports while devices are off, view "Created by" from the HTML-generated report, and many miscellaneous bug fixes and improvements.

General Improvements

This version also applies various bug fixes for better overall performance and stability, plus continuous enhancements to our web interface for improved usability.

This month's update includes two features - one that we have been enhancing in beta for a few months now, called MATRIX, and one that is new to our platform, called Snapshot Sharing.

MATRIX

If you've been playing with this feature, you may have seen it referred to in our application as MAST (Beta). Today, we're formally rolling out our name for this feature, MATRIX, which stands for Mobile Application Testing and Reporting Interface.

MATRIX now includes 8 new Android checks and 4 new iOS checks.

New Android Checks

Category   Name
Auth       Application Contains Hardcoded URLs
Crypto     Application Utilizing Insecure Cryptography
Crypto     Application Utilizing Insecure Symmetric Encryption Modes
Crypto     Application Contains Hardcoded SQLCipher Key
Crypto     Application Contains Hardcoded API Keys
Platform   Application Contains Debuggable Webviews
Platform   Application Utilizes Insecure JavaScript Interface
Platform   Application Contains WebViews with JavaScript Enabled
Storage    Local Data Exposure: Sensitive Values Stored Insecurely in Memory

New iOS Checks

Category   Name
Network    App Transport Security (ATS) Selectively Disabled
Platform   Application Utilizes Potentially Dangerous Permissions
Platform   Potentially Insecure iOS Entitlements
Storage    Local Data Exposure: Sensitive Values Stored in Memory

UI/UX Enhancements

Users are provided with guidance that offers a step-by-step process for completing a test. We have also included toast notifications to notify users when actions and tests have been completed. Once the tests have finished and you are ready to view the results, you can either view them in the UI or download the results in HTML or JSON formats.

The MATRIX index page has been redesigned to give users better access to their test results.

  • A summary has been added so you do not have to navigate to see your check results. Users can also sort by Status or Severity to easily find specific tests. Each test can expand to display the full list of all checks and results, including Impact, Remediation, and Evidence.

  • You will also see any tests that have not been completed, ensuring users always know where they left off. If a user tries to start a new test, they will be prompted to complete or delete the unfinished test.

  • A History section has been added, enabling users to view or delete old tests.

We believe readily available support documentation is crucial for quickly answering your questions, allowing you to stay focused on your tasks.

  • From the main MATRIX page, users can click out to view the MATRIX support homepage or the CI/CD workflow page.

    Learn how to get started with MATRIX.

Bug fixes

We have continued to fix the bugs found during our Beta. Thank you to all of our select Business customers who have sent us comments about what they have experienced. We are proud to say that we have pushed all the fixes to those bugs into this release.

Known Issues

Rooted / Jailbroken

  • MATRIX does not support non-rooted or non-jailbroken devices. To use MATRIX, ensure that the device is rooted (Android userdebug) or jailbroken (iOS).

Project Admins Only

  • Non-project admins who attempt to use MATRIX will be automatically logged out. This will change in future updates.

Keep the App Open

  • When running MATRIX, ensure that the app is open in the virtual device until the report is generated. If the app is closed, there is a chance that the report will not be generated.

Snapshot Sharing

We are very excited about the new feature included in this release. Snapshot sharing allows users to share snapshots with other users within the platform. At this time, snapshot sharing is available for Business customers only.

Learn how to get started with Snapshot sharing.

Snapshot sharing is controlled by Access Codes to ensure that only authorized individuals can use or share the snapshots, enhancing security and confidentiality.

Please note that when you create a new device from a shared live snapshot, the device's file system is copied to the new device, but the RAM state is not. This means the new device will boot up as if it were power-cycled but with the snapshot's file system state.

Virtualize iOS 17.5 Devices

Official iOS 17.5 support is now available for all customers who can virtualize compatible devices.

Today we're rolling out Corellium version 6.2.1 for on-premise and desktop appliances.

Android Live Snapshots

Live snapshots capture the state of a virtual device's RAM and filesystem. Corellium can resume live snapshots in the same state as when they were suspended, including running apps. We're bringing Live Snapshots, a feature previously only available on iOS devices, to Android.

Misc Bug Fixes

Fixed a few system stability issues.

iOS 17.5 Beta

Premium On-Site and Desktop Appliance support has been extended to include up to iOS 17.5 Beta.

UI/UX Enhancements

For this round of updates, we're taking into account the considerable feedback we've gathered from you, our customers. In response to this valuable feedback, we've made some focused improvements to our web interface to help you better understand the state of your devices and to provide more visibility around device hours and burst usage.

Device Hours & Burst Usage Transparency

In our effort to provide you with a clearer insight and a better understanding of your device usage and billing, we've made the following changes to our web interface:

  • A device hours counter has been added to the web interface to enable a better understanding of device usage by keeping a total count of the amount of device hours consumed in a billing period.

  • We've refreshed the subscription page, detailing the components of your plan and providing a usage summary to show your current spending based on device hours used in a given billing period.

For subscriptions that include burst, the counter will update to reflect when the following billing thresholds are reached:

  • When you've reached 85% of your allotted hours.

  • When you've reached 100% of your allotted hours. When reached, any additional device hours will be billed at the burst rate.

Device States

With billing now revolving around device hours, we're helping you ease into this change by applying color schemes to the device's state indicator. This addition aims to provide a clear visual representation of the states of your devices.

  • A green color scheme is associated with the device's state indicator when a device is considered active.

  • A black color scheme is associated with the device's state indicator when a device is considered turned off.

  • A green color scheme is associated with the device's state indicator when pausing an active device to show that the device is active when paused.

Accessibility Work

We've made significant headway in our goal to achieve WCAG 2.1 AA compliance, and our efforts are ongoing. We are committed to integrating accessibility improvements throughout our product, ensuring it becomes increasingly accessible for all users to promote a more inclusive experience.

Virtualize iOS 17.4 Devices

Official iOS 17.4 support is now available for all customers who can virtualize compatible devices.

iOS 17.4 GA

MATRIX Fixes and Enhancements

We've made some updates to enhance your experience with our MATRIX UI. To help you quickly review the outcomes of your MATRIX tests, we've introduced a Summary and Results section. This new feature allows you to easily view the results of the security tests that have been run. We've also made various bug fixes and general enhancements to further improve our MATRIX solution.

Key Bug Fixes

  • Fixed an issue where USBFlux did not contain all the correct architecture types.
  • Fixed an issue preventing iOS 17 devices from connecting to Xcode.

MATRIX (Beta) for Cloud

We have released our automated mobile app security testing tool, known as MATRIX, to our Business Cloud customers. Available for both iOS and Android devices, MATRIX drastically reduces the effort, cost, and time required to perform professional-grade penetration testing.

Learn how to get started with MATRIX.

Note: For our Cloud customers, our MATRIX tool requires a device that was created on February 1, 2024, or after.

Virtualize iOS 17.3.1 Devices

Customers can now run iOS 17.3.1 on all compatible virtual devices.

WCAG 2.1 Improved Compliance

We rebuilt the device tools and features pages, the global navigation bars, the home page, and the admin pages to be more compliant with the Web Content Accessibility Guidelines 2.1 (WCAG 2.1) standard.

Bug fixes

We've also included miscellaneous bug fixes in this release.

Corellium proudly presents iPhone 15 devices: iPhone 15, 15 Plus, 15 Pro and 15 Pro Max, along with iOS up to version 17.0.3!

Additional updates include:

  • Added a Current Period Usage panel in the Admin > Subscription page to track your usage for our current subscription offerings
  • SSO is now generally available for Business customers; refer to our documentation to get started
  • Miscellaneous bug fixes and improvements, including Accessibility enhancements