In mobile app development, there are two primary approaches: native apps and hybrid apps. Native apps are developed for specific platforms using languages like Swift for iOS and Kotlin for Android, offering fast performance and a smooth user experience. Hybrid apps, on the other hand, are built with web technologies […]
In recent weeks, more news has come out about vulnerabilities affecting Apple devices. In the following article, we present some details about these findings and some important lessons we can learn from them.
On July 17, 2021, the world became aware of WifiDemon, a critical zero-touch remote-code execution vulnerability impacting iOS devices. Research conducted and published by the ZecOps Mobile EDR team has proven that what was thought to be a network crash bug is in actuality a security risk for iOS devices. […]
Abstract When approaching the development of a mobile application, one of the key design decisions revolves around the server side aspect of the application. Specifically, storage of information relevant to the app’s usage, as well as the backend API’s allowing the app to query the server for information in real […]
Apple is making a new change in the way it secures the code running in its mobile operating system. This signals – yet again – that threats to mobile devices are very real. The change is currently in the beta version of the next iOS version – 14.5. It makes […]
Apple’s high-profile release of iOS 14.4, including security fixes for three critical vulnerabilities said to have been exploited by hackers in the wild, once again shows why enterprises need to deploy mobile threat defense (MTD) solutions. Whether it is the Jeff Bezos hack or the ‘scariest iPhone hack ever,’ vulnerabilities […]
It’s been called the ‘scariest iPhone hack ever.’ According to a recent Ars Technica article, “Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device – over Wi-Fi, with no […]
When most people think of Zimperium, they may recognize us as the leader in enterprise mobile device and app security. Or, they have seen the recent news on the Defense Information Systems Agency (DISA), a U.S. Department of Defense (DoD) organization, selecting us to deliver comprehensive Mobile Endpoint Protection (MEP) […]
Affected Component: all iOS versions < 14.0 LSDIconCache Latest Vulnerable Version: iOS 13.7 Vendor: Apple, Inc. CVE: CVE-2020-9773 Disclosure Timeline Bug discovered: December 1st, 2019 Vendor notified: December 17th, 2019 First patch attempt: March 24th, 2020 Final patch released: September 15th, 2020 Summary A sandboxed application can circumvent updated iOS […]
Nearly 75% used AT&T or AT&T and Yahoo logos Scammers – masquerading as more than 25 different companies, brands and government agencies – used 265 Google Forms in an effort to steal user passwords and credentials. According to our findings, the links remained active for several months after being added […]
Receive Zimperium proprietary research notes and vulnerability bulletins in your inbox