iOS is supposed to be one of the toughest platforms for security. Apple designed it to be smooth and secure at the same time. However, a new vulnerability has been found in iOS apps that affects almost 10% of all iOS apps worldwide.
Security researchers from Pangu Lab, a company well known for its jailbreaks, have confirmed the vulnerability and named it “ZipperDown”. This flaw, according to their description, is a common programming error that leads to severe consequences such as data overwriting and even code execution in the affected apps’ context.
Pangu Lab created a scan rule to search for the ZipperDown flaw in iOS apps. According to the results, 15,978 out of 168,951 scanned apps appear to be affected by ZipperDown. However, the researchers added that the apps still have to be manually inspected for confirmation.
Unfortunately, the list of vulnerable apps includes some really popular ones, such as NetEase Music, QQ Music, MOMO and Kwai, which have over 100 million users. The researchers also published a video demonstrating the flaw against Weibo.
Devs must contact the researchers
Pangu Lab said that because such a large number of apps are potentially affected, they are not able to verify each individual app precisely. Moreover, the number of authors of affected apps is large enough that contacting each of them and informing them of the issue is really difficult.
That’s why the company is asking devs whose apps are on the list of potentially affected apps to contact Pangu Lab for further details, and to test and fix their application(s).
According to Pangu Lab, Android also suffers from issues similar to ZipperDown. The researchers said that they’ll continue investigating to pin down the flaw.
Fortunately, ZipperDown isn’t like other vulnerabilities and isn’t easy to exploit. To exploit it, the attacker must be on the same network, in a position to hijack or spoof traffic. According to the researchers, the sandbox on both Android and iOS is really effective at limiting the damage ZipperDown can cause.
How to stay secured
If you want to protect yourself from the vulnerability, make sure that you are running the latest version of all your installed apps. It’s highly likely that app devs will release updates to their software in the future.