On July 17, 2021, the world became aware of WifiDemon, a critical zero-touch remote-code execution vulnerability impacting iOS devices. Research conducted and published by the ZecOps Mobile EDR team has proven that what was thought to be a network crash bug is in actuality a security risk for iOS devices. Variations of the vulnerability impact iOS 14.0 to 14.6, meaning even the newest versions of iOS are still at risk until Apple releases a patch and update.
The research team at ZecOps is reporting that the network crash issue is actually an unpatched zero-day vulnerability enabling attackers to remotely execute code on the victim’s phone or tablet without any interaction or notification for the end-user. While the zero-click component of the vulnerability was patched with iOS 14.4, newer versions of the mobile OS are still at risk to the zero-day remote code execution vulnerability.
The Zimperium team has verified the ZecOps research data and has verified that devices running Zimperium zIPS on iOS customers are protected against this zero-touch, zero-day vulnerability. No further action is necessary for Zimperium customers against this risk.
July 20, 2021 Update: Apple has confirmed that iOS 14.7 addresses and patches these vulnerabilities.
Zimperium, the global leader in mobile security, offers the only real-time, on-device, machine learning-based protection against Android, iOS, and Chromebook threats. Powered by z9, Zimperium provides protection against device, network, phishing, and malicious app attacks. For more information or to schedule a demo, contact us today.