Skip to main content

19 posts tagged with "Desktop Appliance Deployments"

View All Tags

We’re excited to announce the latest updates and improvements in Version 7.1.0!

This release introduces powerful new features, enhanced functionality, and critical bug fixes to ensure you have the best possible experience.

iOS Enhancements

  • Fixed an issue with the iPhone 14 Pro Max boot process.
  • Improved Wi-Fi stablity.
  • Improved kernel stability.

Android Enhancements

  • Added support for Android 15.
  • Added support for OpenGApps on Android 13, 14, and 15.

MATRIX Enhancements

  • History Page: Added powerful filtering options to improve navigation and usability.
  • Matrix Report Downloads: The filename for downloaded reports (HTML and JSON) now reflects the createdBy property.

New Checks and Artifacts

  • iOS Checks

    • Network: Detects applications containing deprecated FTP functionality.
    • Crypto: Flags hardcoded API keys within the application bundle.
    • Storage: Identifies sensitive values stored in plaintext within the Keychain.
  • Android Checks and Artifacts:

    • Check: Detects applications utilizing the FLAG_SECURE setting.
    • Artifact: Lists all application databases stored locally and provides file paths for user reference.

Web Interface Improvements

  • Added support for Dark Mode.

Premium Licence Customers Only

  • Added support for iOS 18.2 beta.

iOS 18 is now available

We're excited to announce the support of iOS 18.0 build 22A3354!

iOS 18.0

MATRIX Improvements

We made a series of improvements to MATRIX!

  • Added 2 new iOS checks:

    • Application Utilizes Certificate Pinning Protections
    • Application Utilizes an Insecure Nanopb Library
  • Added 1 new artifact for both iOS & Artifact

    • Geolocation
  • Reconstituted 2 previous Android checks as artifacts:

    • Application Contains Hardcoded URL
    • Application Utilizes Intents Vulnerable to Redirection
  • Lots of bugfixes and other miscellaneous improvements.

MATRIX Improvements

MATRIX

MATRIX in 6.5 We made a stack of iterative improvements to our MATRIX feature!

  • Added support for downloading JSON to History page
  • Added tooltips to report statuses
  • Added pagination to improve UI
  • 2 new Android checks
  • 5 new iOS checks
  • Improved check outputs
  • Lots of bugfixes and improvements

Enhanced Plan Offerings

We have enhanced our plan offerings to better align with our customers’ budgets, feature requirements, and environment needs. We now provide a diverse range of plan levels, ensuring that our customers can find options that meet both their financial and operational needs.

Explore our new plans:

Added iBoot / SEP support for iPhone XR 15.2

This release provides iBoot and SEP support for iPhone XR 15.2 for customers with Premium license.

iBoot support for iPhone XR 15.2

SEP support for iPhone XR 15.2

This version requires you to install Corellium 6.4.0 first.

iOS 18 Beta Support

Customers with Premium licenses can now run both jailbroken and non-jailbroken iOS 18 beta firwares (build 22A5307).

Known Issues: The beta firmware may occasionally cause devices to panic. If a panic occurs during the initial boot process, recreate the device. If it happens after the device has booted to the home screen, try restarting the device.

iOS 18 beta

Bugs Fixes

We have improved the reliability and user interface through various bug fixes.

This version requires you to install Corellium 6.4.0 first.

LDAP Authentication

Corellium is happy to annoumce that we now support LDAP as an addition to our SSO offerings.

For more information about how to configure LDAP please see our documentation.

MATRIX Improvements

Matrix is not longer in Beta. Interested in Adding MATRIX to you account please contact your Corellium representative.

MATRIX additions and improvements just keep coming. Here are some things you can look forward to in this release.

The Introduction of Atrifacts

A new type of content in MATRIX reports! artifacts are informational items pulled from the target app, such as application databases, keychain dumps, and Plist files. These artifacts display in the MATRIX report as a file path or code block, so users can investigate them further. Users can also download them in HTML and JSON file formats.

This release will include six artifacts for iOS devices only.

  • Application Code Sizing
  • Keychain Dump
  • Application Databases
  • Application Certificates
  • Plist Files
  • Background Modes

Artifacts for Android devices are coming soon!

If a user wants to investigate an artifact further, they can copy/paste the resulting info into a new keyword file and run another MATRIX test!

Artifact Summary: When a user views the interactive MATRIX report, specifically the summary of Results at the top, they will see an "artifact" counter.

Artifacts

Auto-Select Uploaded App

Previously, after a user uploaded a target app via MATRIX, they had to manually search for and select it before starting their test. That meant extra steps and potential confusion. Now, whichever app they upload will auto-select.

Corellium Version vs. App Version

Previously, we only showed the Corellium version on JSON and HTML report. This meant UI users needed to dig around to learn what version of MATRIX they had run the target app against. Now, we show Corellium Version in the UI on both the History page and Interactive Report. We also clarify App Version and Corellium Version.

Version

Error Messaging Improvements

We now display error messages for checks in the UI. User no longer have to go to the HTML or JSON downloads to view these errors.

Error Messages

CLI / API

we continued to roll out improvements to our CLI and API, creating a more robust and coherent experience for end users.

New Android Checks

CategoryName
AuthInsecure Biometric Implementation
CryptoInsecure Random Number Generation
PlatformApplication is Vulnerable to Overlay Attacks
NetworkInsecure Security Provider
NetworkInsecure TLS Configuration
NetworkCookie Missing httpOnly Flag
NetworkCookie Missing secure Flag

New iOS Checks

CategoryName
NetworkHTTPS Traffic URL Contains Device's GPS Latitude
NetworkHTTPS Traffic URL Contains Device's GPS Longitude
NetworkHTTPS Traffic URL Contains Device IMEI
NetworkHTTPS Traffic URL Contains Sensitive Data
NetworkHTTPS Traffic URL Contains WiFi MAC Address
NetworkHTTP Cleartext Transmission of Advertiser ID
NetworkCookie Missing httpOnly Flag
NetworkCookie Missing secure Flag
StorageLocal Data Exposure: Advertiser ID Stored Insecurely
StorageLocal Data Exposure: Advertiser ID Logged Insecurely

Bugs Fixes

We ended our MATRIX improvements with an amazing "bug bash." We dedicated significant effort to make MATRIX even more reliable from the individual checks to our overall application itself.

  • Fixed completed MATRIX tests that were stuck in awaiting testing
  • Fixed inconsistencies in MATRIX results across various Android firmware versions.

MATRIX Improvements

We've been working hard on making MATRIX more powerful, robust, and interactive. Here are some things you can look forward to in this release.

More Checks

This release includes 14 new Android checks and 5 new iOS checks, primarily focused on finding sensitive values in HTTPS traffic, application signing vulnerabilities, various app protections, and the keychain. For a complete list of new checks, view our Support docs tests checks.

Regex Support for Keywords

You asked, and we listened. You can now use a regular expression syntax in your keywords file for pattern-matching static data. For example, instead of searching for variants of these patterns:

1234-1234

1234-5678

1234-0000

1234-xxxx

You can add a line item of regex(/1234-/).

Other MATRIX Updates

We also added the ability to view MATRIX reports while devices are off, view "Created by" from the HTML-generated report, and many miscellaneous bug fixes and improvements.

General Improvements

This version also applies various bug fixes for better overall performance and stability, plus continuous enhancements to our web interface for improved usability.

This month's update includes two features - one that we have had enhanced in beta for a few months now, called MATRIX, and one that is new to our platform called Snapshot Sharing.

MATRIX

If you've been playing with this feature, you may have seen it referred to in our application as MAST (Beta). Today, we're formally rolling out our name for this feature, MATRIX, which stands for Mobile Application Testing and Reporting Interface.

MATRIX now includes 8 new Android checks and 4 new iOS checks.

New Android Checks

CategoryName
AuthApplication Contains Hardcoded URLs
CryptoApplication Utilizing Insecure Cryptography
CryptoApplication Utilizing Insecure Symmetric Encryption Modes
CryptoApplication Contains Hardcoded SQLCipher Key
CryptoApplication Contains Hardcoded API Keys
PlatformApplication Contains Debuggable Webviews
PlatformApplication Utilizes Insecure JavaScript Interface
PlatformApplication Contains WebViews with JavaScript Enabled
StorageLocal Data Exposure: Sensitive Values Stored Insecurely in Memory

New iOS Checks

CategoryName
NetworkApp Transport Security (ATS) Selectively Disabled
PlatformApplication Utilizes Potentially Dangerous Permissions
PlatformPotentially Insecure iOS Entitlements
StorageLocal Data Exposure: Sensitive Values Stored in Memory

UI/UX Enhancements

Users are provided with guidance that offers a step-by-step process for completing a test. We have also included toast notifications to notify users when actions and tests have been completed. Once the tests have finished and you are ready to view the results, you can either view them in the UI or download the results in HTML or JSON formats.

The MATRIX index page has been redesigned to give users better access to their test results.

  • A summary has been added so you do not have to navigate to see your check results. Users can also sort by Status or Severity to easily find specific tests. Each test can expand to display the full list of all checks and results, including Impact, Remediation, and Evidence.

  • You will also see any tests that have not been completed, ensuring users always know where they left off. If a user tries to start a new test, they will be prompted to complete or delete the unfinished test.

  • A History section has been added, enabling users to view or delete old tests.

We believe readily available support documentation is crucial for quickly answering your questions, allowing you to stay focused on your tasks.

  • From the main MATRIX page, users can click out to view the MATRIX support homepage or the CI/CD workflow page.

    Learn how to get started with MATRIX.

Bug fixes

We have continued to fix the bugs found during our Beta. Thank you to all of our select Business customers who have sent us comments about what they have experienced. We are proud to say that we have pushed all the fixes to those bugs into this release.

Known Issues

Rooted / Jailbroken

  • MATRIX does not support non-rooted or non-jailbroken devices. To use MATRIX, ensure that the device is rooted (Android userdebug) or Jailbroken (iOS).

Project Admins Only

  • Non-project admins who attempt to use MATRIX will be automatically logged out. This will change in future updates.

Keep the App Open

  • When running MATRIX, ensure that the app is open in the virtual device until the report is generated. If the app is closed, there is a chance that the report will not be generated.

Snapshot Sharing

We are very excited about the new feature included in this release. Snapshot sharing allows users to distribute snapshots with other users within the platform. At this time, snapshot sharing is only available for Business customers only.

Learn how to get started with Snapshot sharing.

Snapshot sharing is controlled by Access Codes to ensure that only authorized individuals can use or share the snapshots, enhancing security and confidentiality.

Please note that when you create a new device from a shared live snapshot, the device's file system is copied to the new device, but the RAM state is not. This means the new device will boot up as if it were power-cycled but with the snapshot's file system state.

Virtualize iOS 17.5 Devices

Official iOS 17.5 support is now available for all customers who can virtualize compatible devices.

Today we're rolling out Corellium version 6.2.1 for on-premise and desktop appliances.

Android Live Snapshots

Live snapshots capture the state of a virtual device's RAM and filesystem. Corellium can resume live snapshots in the same state as when they were suspended, including running apps. We're bringing Live Snapshots, a feature previously only available on iOS devices, to Android.

Misc Bug Fixes

Fixed a few system stability issues.

iOS 17.5 Beta

Premium On-Site and Desktop Appliance support has been extended to include up to iOS 17.5 Beta.

UI/UX Enhancements

For this round of updates, we're taking into account the considerable feedback we've gathered from you, our customers. In response to this valuable feedback, we've made some focused improvements to our web interface to help you better understand the state of your devices and to provide more visibility around device hours and burst usage.

Device Hours & Burst Usage Transparency

In our effort to provide you with a clearer insight and a better understanding of your device usage and billing, we've made the following changes to our web interface:

  • A device hours counter has been added to the web interface to enable a better understanding of device usage by keeping a total count of the amount of device hours consumed in a billing period.

device hours counter

  • We've refreshed the subscription page, detailing the components of your plan and providing a usage summary to show your current spending based on device hours used in a given billing period.

subscription page

For subscriptions that include burst, the counter will update to reflect when the following billing thresholds are reached:

  • When you've reached 85% of your alloted hours.

device hours counter for burst usage

  • When you've reached 100% of your alloted hours. When reached, any additional device hours will be billed at the burst rate.

device hours counter for burst usage

Device States

With the transition of billing to revolve around device hours, we're helping you ease into this change by applying color schemes to the device's state indicator. This addition is aimed to provide a clear visual representation of the states of your devices.

  • A green color scheme is associated with the device's state indicator when a device is considered active.

device turn on

  • A black color scheme is associated with the device's state indicator when a device is considered turned off.

device turn off

  • A green color scheme is associated with the device's state indicator when pausing an active device to show that the device is active when paused.

device pause

Accessibility Work

We've made significant headway in our goal to achieve WCAG 2.1 AA compliance, and our efforts are ongoing. We are committed to integrating accessibility improvements throughout our product, ensuring it becomes increasingly accessible for all users to promote a more inclusive experience.

Virtualize iOS 17.4 Devices

Official iOS 17.4 support is now available for all customers who can virtualize compatible devices.

iOS 17.4 GA

MATRIX Fixes and Enhancements

We've made some updates to enhance your experience with our MATRIX UI. To help you quickly review the outcomes of your MATRIX tests, we've introduced a Summary and Results section. This new feature allows you to easily view the results of the security tests that have been run. We've also made various bug fixes and general enhancements to further improve our MATRIX solution.

MATRIX Reporting/Summary

Key Bug Fixes

  • Fixed an issue where USBFlux did not contain all the correct architecture types.
  • Fixed an issue preventing iOS 17 devices from connecting to Xcode.

MATRIX (Beta) for Cloud

We have released our automated mobile app security testing tool, known as MATRIX, to our Business Cloud customers. Available for both iOS and Android devices, MATRIX drastically reduces the effort, cost, and time required to perform professional-grade penetration testing.

Learn how to get started with MATRIX.

Note: For our Cloud customers, our MATRIX tool requires a device that was created on February 1, 2024, or after.

MATRIX Report

Virtualize iOS 17.3.1 Devices

Customers can now run iOS 17.3.1 on all compatible virtual devices.

Added Support for iOS 17.3.1

WCAG 2.1 Improved Compliance

We rebuilt the device tools and features pages, the global navigation bars, the home page, and the admin pages to be more compliant with the Web Content Accessibility Guidelines 2.1 (WCAG 2.1) standard.

Bug fixes

We've also included miscellaneous bug fixes in this release.

Corellium proudly presents iPhone 15 devices! iPhone 15, 15 Plus, 15 Pro and 15 Pro Max, along with iOS up to version 17.0.3

Additional updates include:

  • Added a Current Period Usage panel in the Admin > Subscription page to track your usage for our current subscription offerings
  • SSO is now generally available for Business customers, refer to our documentation to get started
  • Miscellaneous bug fixes and improvements, including Accessibility enhancements