ZipperDown Infecting iOS Apps

Mel Khamlichi (http://www.osradar.com)
Founder of Osradar, from Amsterdam, Netherlands

iOS is regarded as one of the toughest platforms when it comes to security. Apple designed it to be smooth and secure at the same time. However, a new vulnerability has been found that affects almost 10% of all iOS apps worldwide.

Security researchers from Pangu Lab, a company well known for providing jailbreaks, have confirmed the vulnerability and named it “ZipperDown”. According to their description, the flaw is a common programming error that leads to severe consequences such as data overwriting and even code execution in the context of the affected apps.

Vulnerable apps

Pangu Lab created a scan rule to search for the ZipperDown flaw in iOS apps. According to the results, 15,978 out of 168,951 scanned apps appear to be affected by ZipperDown. However, the researchers added that the apps need to be manually inspected for confirmation.

Unfortunately, the list of vulnerable apps includes some really popular ones, such as NetEase Music, QQ Music, MOMO and Kwai, which have over 100 million users. The researchers also recorded a video demonstrating the flaw in Weibo.

Devs must contact the researchers

Pangu Lab said that because a large number of apps are potentially affected, they are not able to verify each individual app precisely. The number of authors of affected apps is also large, which makes it really difficult to contact each of them and inform them of the issue.

That’s why the company is asking developers whose apps are on the list of potentially affected apps to contact Pangu Lab for further details, and to test and fix their application(s).

Android infected(?)

According to Pangu Lab, Android also suffers from issues similar to ZipperDown. The researchers said that they will continue investigating to pin down the flaw.

Fortunately, ZipperDown is not as easy to exploit as some other vulnerabilities. To exploit it, the attacker must be on the same network, in a position to hijack or spoof traffic. According to the researchers, the sandboxes on both Android and iOS are really effective at mitigating the damage ZipperDown can cause.

How to stay secure

To protect yourself from the vulnerability, make sure you are using the latest version of every installed app. It’s highly likely that app developers will release updates to their software in the future.
