The open source Metasploit vulnerability testing framework got a major overhaul this week with the release of Metasploit 3.7.
The Metasploit 3.7 release provides an enhanced session tracking backend that is intended to improve performance. Metasploit 3.7 also provides over 35 new exploit modules for security researchers to test, including new ones designed to test Apple's iOS mobile operating system security.
The Apple iOS Backup File Extraction module however is not an attack vector for directly exploiting iOS. Rather it is what is known as a post-exploitation module.
"The post-exploitation modules (post for short) are designed to run on systems that were compromised through another vector, whether its social engineering, a guessed password, or an unpatched vulnerability," HD Moore, Rapid7 chief security officer and Metasploit chief architect told InternetNews.com. "This module requires iTunes to be installed and for a backend to be accessible that has not been encrypted."
"In large corporate environments, a single domain administrator login can yield access to hundreds of desktop systems, and the Metasploit Pro product makes it easy to scavenge these iTunes backup files from the entire network at once," Moore said.
Metasploit is a popular vulnerability testing frame and is available in Express, Pro and Open Source editions. The Metasploit 3.7 release follows the Metasploit 3.6 release, which came out in March and had a focus on compliance related issues.
With Metasploit 3.7, in addition to new exploit module, there is a focus on improving performance. The improvements to the session tracking system and the associated database in Metasploit 3.7, means that Metasploit is now faster.
LINK TO OUR HOME PAGE :