Apple’s high-profile release of iOS 14.4, including security fixes for three critical vulnerabilities said to have been exploited by hackers in the wild, once again shows why enterprises need to deploy mobile threat defense (MTD) solutions. Whether it is the Jeff Bezos hack or the ‘scariest iPhone hack ever,’ vulnerabilities […]
Can you explain what checkm8 is? On Friday, September 27th 2019, a security researcher known as @axi0mX publicly disclosed a vulnerability together with a working exploit called checkm8 (read “checkmate”). This permanent and unpatchable exploit leverages a vulnerability in Apple’s bootrom (read-only code; SecureROM), the initial and critical part in […]
Mobile devices contain or have access to the same information as traditional endpoints. While billions of dollars have been spent protecting and securing traditional endpoints, very little has been invested to protect mobile device endpoints. Attackers work on the same model as any other business: where do they get the […]
Long Term Evolution (LTE) is the latest mobile telephony standard designed to bring many security improvements over the predecessor standard known as the Global System for Mobile (GSM). In a new research paper, security researchers from Ruhr-Universität Bochum and New York University Abu Dhabi outline attacks that could allow sophisticated […]
Last Monday, security researchers from iOS jailbreak firm, Pangu Lab, announced a vulnerability that they believe affects around 10% of all iOS apps. In a blog on its newly created information site, https://zipperdown.org/ , Pangu stated that its researchers noticed “a common programming error, which leads to severe consequences such […]
The mobile security arms race continues, OS update after OS update. With every update, it is a race against time before someone releases a new exploit that can allow users to jailbreak devices… or worse, remote attackers to compromise devices. While jailbreaking a mobile device can be fine (or even […]
Follow @doadam Following my previous post, I’m releasing ziVA: a fully chained iOS kernel exploit that (should) work on all the iOS devices running iOS 10.3.1 or earlier. The exploit itself consists of multiple vulnerabilities that were discovered all in the same module: AppleAVEDriver. The exploit will be covered in […]
We see a lot of confusion in the market about precisely what it means to jailbreak a device–and that confusion could lead to serious problems, especially regarding a hacker performing a jailbreak to attack a device. The security industry is notoriously full of acronyms, buzzwords and generally opaque jargon. Here at […]
Your million dollar 0day just got burned and now worth nothing? No worries – we are still interested in your exploit. The value of 0days can range from a few thousands to even a million dollars for a full remote exploit chain and many companies and governments are willing to […]
Zuk Avraham, Founder Follow Zuk Avraham (@ihackbanme) Last week, Ian Beer, from the Google Project Zero research team, released his local elevation of privileges exploit targeting iOS 10.1.1 [1]. We immediately understood that we had another opportunity to assess a new zero day exploit against our Machine-Learning attack and exploit […]
Receive Zimperium proprietary research notes and vulnerability bulletins in your inbox