In recent weeks, more news has come out about vulnerabilities affecting Apple devices. In the following article, we present some details about these findings and some important lessons we can learn from them.
All posts tagged: iOS
WifiDemon Zero-Click iOS Vulnerability: Zimperium Customers Are Protected
On July 17, 2021, the world became aware of WifiDemon, a critical zero-touch remote-code execution vulnerability impacting iOS devices. Research conducted and published by the ZecOps Mobile EDR team has proven that what was thought to be a network crash bug is in actuality a security risk for iOS devices. […]
Unsecured Cloud Configurations Exposing Information in Thousands of Mobile Apps
Abstract When approaching the development of a mobile application, one of the key design decisions revolves around the server side aspect of the application. Specifically, storage of information relevant to the app’s usage, as well as the backend API’s allowing the app to query the server for information in real […]
Apple’s Upcoming iOS 14.5 Update Once Again Illustrates Mobile Threats are Real
Apple is making a new change in the way it secures the code running in its mobile operating system. This signals – yet again – that threats to mobile devices are very real. The change is currently in the beta version of the next iOS version – 14.5. It makes […]
Apple’s Latest Security Fix Shows Why Enterprises Need MTD
Apple’s high-profile release of iOS 14.4, including security fixes for three critical vulnerabilities said to have been exploited by hackers in the wild, once again shows why enterprises need to deploy mobile threat defense (MTD) solutions. Whether it is the Jeff Bezos hack or the ‘scariest iPhone hack ever,’ vulnerabilities […]
‘Scariest iPhone Hack Ever’ Illustrates Importance of Protecting Mobile Devices
It’s been called the ‘scariest iPhone hack ever.’ According to a recent Ars Technica article, “Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device – over Wi-Fi, with no […]
Why Leading Cities and States Should be Protecting ‘Digital Citizens’ from Mobile Threats
When most people think of Zimperium, they may recognize us as the leader in enterprise mobile device and app security. Or, they have seen the recent news on the Defense Information Systems Agency (DISA), a U.S. Department of Defense (DoD) organization, selecting us to deliver comprehensive Mobile Endpoint Protection (MEP) […]
P for Privacy – The Background Story of CVE-2020-9773
Affected Component: all iOS versions < 14.0 LSDIconCache Latest Vulnerable Version: iOS 13.7 Vendor: Apple, Inc. CVE: CVE-2020-9773 Disclosure Timeline Bug discovered: December 1st, 2019 Vendor notified: December 17th, 2019 First patch attempt: March 24th, 2020 Final patch released: September 15th, 2020 Summary A sandboxed application can circumvent updated iOS […]
Scammers Used 265 Different Google Forms to Dupe Unsuspecting Users of Top Brands
Nearly 75% used AT&T or AT&T and Yahoo logos Scammers – masquerading as more than 25 different companies, brands and government agencies – used 265 Google Forms in an effort to steal user passwords and credentials. According to our findings, the links remained active for several months after being added […]
Top 5 Mobile Security Stories of a Crazy 2020
2020 has been crazy… to say the least. But in many ways, 2020 has thrust a huge spotlight on something we’ve known for quite some time – – mobile threats are real and mobile devices and apps need protection. It truly is crazy how many stories we’ve seen – and […]
Mobile Security Updates
Receive Zimperium proprietary research notes and vulnerability bulletins in your inbox