Windows 10 News and info | Forum
August 15, 2018, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances.
 
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or Forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: ZipperDown Vulnerability May Impact 10% of All iOS Apps  (Read 63 times)
javajolt
Administrator
Hero Member
*****
Offline Offline

Gender: Male
United States United States

Posts: 28763


I Do Windows


WWW Email
« on: May 18, 2018, 04:53:08 AM »
ReplyReply

Security researchers from Pangu Lab, a well-known company that provides iOS jailbreaks, said on Monday that they have found a vulnerability that they believe affects around 10% of all iOS apps.

Researchers described the issue —which they named ZipperDown— as "a common programming error, which leads to severe consequences such as data overwritten and even code execution in the context of affected apps."

15,978 out of 168,951 iOS apps are most likely affected

Pangu Lab said it created an automated scan rule to search for ZipperDown in iOS apps. Researchers found that 15,978 out of the total of 168,951 iOS apps they scanned appeared to be impacted by the ZipperDown vulnerability, although, apps need to be manually inspected to confirm that they are affected.



The list of vulnerable apps also includes several high-profile iOS apps that have more than 100 million users, such as Weibo, MOMO, NetEase Music, QQ Music, and Kwai.

Researchers also published a demo video exploiting ZipperDown in the Weibo app to achieve code execution rights.



Devs of vulnerable apps have to contact the researchers

"Due to a large amount of potentially affected apps, we cannot verify all the results precisely," Pangu Lab said.

In addition, because so many apps are affected, researchers couldn't contact the developers of each app individually to inform them of the issue.

The company is asking the developers of apps found on its list of potentially affected apps to contact the research team to receive details about the ZipperDown vulnerability, so each developer can test and fix his application.

Quote
If you were the developer or vendor of the apps on the list, you are welcome to contact us. We would share you the detail of ZipperDown, and let us cooperatively fix the potential issue in your app. We would also appreciate if you could notify us in the case that your listed app is not vulnerable. The best way to reach us is the following Email: zipperdown@pwnzen.com.


Android also affected

Pangu Lab researchers also said that Android applications are also affected by similar issues and that they will release more details in the future.

The good news is that exploiting ZipperDown is not as straightforward as other vulnerabilities and an attacker must be in a network position to hijack or spoofing traffic to the device.

Furthermore, "the sandbox on both iOS and Android can effectively limit ZipperDown’s consequence," researchers said.

source
Logged



Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page July 21, 2018, 02:28:22 PM