zLabs Advanced Mobile Security Research and Exploitation Team

The zLabs Advanced Research and Exploitation team is the world’s most qualified and talented collection of researchers focused 100% exclusively on mobile. With backgrounds at companies ranging from eBay and Samsung to Microsoft and Freescale, zLabs researchers are setting the bar for the industry. zLabs researchers discovered and documented attacks such as Stagefright on Android, zIVA on iOS and provided detailed analysis of the FreeRTOS TCP/IP Stack Vulnerabilities. The team have responsibly disclosed more iOS and Android vulnerabilities than all other major competitors combined.
Zimperium’s zLabs team is a key member of the App Defense Alliance. Leveraging our extensive mobile security research expertise and some of the most renown security researchers in the world, zLabs is working with Google to ensure apps entering the Play Store are free of malicious content. Learn more about it here.

Awards & Recognition
The team's awards, certifications, specialized training and recognition are unparalleled in mobile security. Here is just a subset:

Adobe Independent Security Researchers

AT&T Bug Bounty Hall of Fame

Barracuda Networks BugBounty Hall of Fame

BitDefender Hall of Fame

Hack in the Box 2017 Machine Learning Competition, 1st Prize

Certified Ethical Hacker

CoinBase BugBounty Hall of Fame

Computer Hacking Forensic Investigator

cPanel Full Disclosure

eBay Security Researchers

Certified Security Analyst

edX Certificate, Distributed Machine Learning with Apache Spark

EKOPARTY CTF – 1st PLACE

Envato Helpful Hacker

Friends of Offensive Security

Google Application Security Hall of Fame

Kaneva Whitehat Hall of Fame

Microsoft Certified IT Professional Enterprise Administrator

Microsoft Certified IT Professional Server Administrator

Microsoft Security Acknowledged Researchers

MIT: Tackling the Challenges of Big Data, Certificate

Nokia Responsible Disclosure Hall of Fame

Olark Responsible Disclosure Program Special Thanks

PayPal Wall of Fame, Top 10 Researchers

Stanford: Cryptography, Certificate

Stanford: Machine Learning, Certificate

Twitter’s Top Hackers on HackerOne

Zynga Security Whitehat Hall of Fame

SANS GIAC Reverse Engineering Malware (GREM)

GIAC Mobile Device Security Analyst (GMOB)
2024 Global Mobile
Threat Report

Awarded CVEs
In the last few years, zLabs has discovered and responsibly disclosed more mobile vulnerabilities than all other major competitors combined. Beginning in 2017, here is the growing list:
CVE | Year | Researcher | Platform | Severity |
---|---|---|---|---|
CVE 2020-9773 | 2020 | Chilik Tamir | iOS | Unassigned |
CVE 2020-992 | 2020 | Nikias Bassen | iOS | Unassigned |
CVE-2020-3831 | 2020 | Chilik Tamir | iOS | Unassigned |
CVE-2019-8545 | 2019 | Adam Donenfeld | iOS | Unassigned |
CVE-2019-8804 | 2019 | Christy Mathew | iOS | Unassigned |
CVE-2019-14041 | 2019 | Tamir Zahavi-Brunner | Qualcomm | Unassigned |
CVE -2019-14040 | 2019 | Tamir Zahavi-Brunner | Qualcomm | Unassigned |
CVE-2018-4282 | 2018 | Adam Donenfeld | iOS | Unassigned |
CVE-2018-9411 | 2018 | Tamir Zahavi-Brunner | Android | Unassigned |
CVE-2018-9539 | 2018 | Tamir Zahavi-Brunner | Android | Unassigned |
CVE-2018-16522 | 2018 | Ori Karliner | FreeRTOS | Unassigned |
CVE-2018-16525 | 2018 | Ori Karliner | FreeRTOS | Unassigned |
CVE-2018-16526 | 2018 | Ori Karliner | FreeRTOS | Unassigned |
CVE-2018-16528 | 2018 | Ori Karliner | FreeRTOS | Unassigned |
CVE-2018-16523 | 2018 | Ori Karliner | FreeRTOS | Unassigned |
CVE-2018-16524 | 2018 | Ori Karliner | FreeRTOS | Unassigned |
CVE-2018-16527 | 2018 | Ori Karliner | FreeRTOS | Unassigned |
CVE-2018-16599 | 2018 | Ori Karliner | FreeRTOS | Unassigned |
CVE-2018-16600 | 2018 | Ori Karliner | FreeRTOS | Unassigned |
CVE-2018-16601 | 2018 | Ori Karliner | FreeRTOS | Unassigned |
CVE-2018-16602 | 2018 | Ori Karliner | FreeRTOS | Unassigned |
CVE-2018-16603 | 2018 | Ori Karliner | FreeRTOS | Unassigned |
CVE-2018-16598 | 2018 | Ori Karliner | FreeRTOS | Unassigned |
CVE-2018-4109 | 2018 | Adam Donenfeld | iOS | Unassigned |
CVE-2018-4087 | 2018 | Rani Idan | iOS | Unassigned |
CVE-2018-4095 | 2018 | Rani Idan | iOS | Unassigned |
CVE-2017-13253 | 2017 | Tamir Zahavi Brunner | Android | High |
CVE-2017-6999 | 2017 | Adam Donenfeld | iOS | 7.8 |
CVE-2017-6998 | 2017 | Adam Donenfeld | iOS | 7.8 |
CVE-2017-6997 | 2017 | Adam Donenfeld | iOS | 7.8 |
CVE-2017-6996 | 2017 | Adam Donenfeld | iOS | 7.8 |
CVE-2017-6995 | 2017 | Adam Donenfeld | iOS | 7.8 |
CVE-2017-6994 | 2017 | Adam Donenfeld | iOS | 7.8 |
CVE-2017-6989 | 2017 | Adam Donenfeld | iOS | 7.8 |
CVE-2017-6979 | 2017 | Adam Donenfeld | iOS | 7.0 |
CVE-2017-5054 | 2017 | Nicolas Trippar | Android | 8.8 |