zLabs Advanced Mobile Security Research and Exploitation Team

The zLabs Advanced Research and Exploitation team is the world’s most qualified and talented collection of researchers focused 100% exclusively on mobile. With backgrounds at companies ranging from eBay and Samsung to Microsoft and Freescale, zLabs researchers are setting the bar for the industry. zLabs researchers discovered and documented attacks such as Stagefright on Android, zIVA on iOS and provided detailed analysis of the FreeRTOS TCP/IP Stack Vulnerabilities. The team have responsibly disclosed more iOS and Android vulnerabilities than all other major competitors combined.

Zimperium’s zLabs team is a key member of the App Defense Alliance. Leveraging our extensive mobile security research expertise and some of the most renown security researchers in the world, zLabs is working with Google to ensure apps entering the Play Store are free of malicious content. Learn more about it here.

Awards & Recognition

The team's awards, certifications, specialized training and recognition are unparalleled in mobile security. Here is just a subset:

Adobe Independent Security Researchers

AT&T Bug Bounty Hall of Fame

Barracuda Networks BugBounty Hall of Fame

BitDefender Hall of Fame

Hack in the Box 2017 Machine Learning Competition, 1st Prize

Certified Ethical Hacker

CoinBase BugBounty Hall of Fame

Computer Hacking Forensic Investigator

cPanel Full Disclosure

eBay Security Researchers

Certified Security Analyst

edX Certificate, Distributed Machine Learning with Apache Spark

EKOPARTY CTF – 1st PLACE

Envato Helpful Hacker

Friends of Offensive Security

Google Application Security Hall of Fame

Kaneva Whitehat Hall of Fame

Microsoft Certified IT Professional Enterprise Administrator

Microsoft Certified IT Professional Server Administrator

Microsoft Security Acknowledged Researchers

MIT: Tackling the Challenges of Big Data, Certificate

Nokia Responsible Disclosure Hall of Fame

Olark Responsible Disclosure Program Special Thanks

PayPal Wall of Fame, Top 10 Researchers

Stanford: Cryptography, Certificate

Stanford: Machine Learning, Certificate

Twitter’s Top Hackers on HackerOne

Zynga Security Whitehat Hall of Fame

SANS GIAC Reverse Engineering Malware (GREM)

GIAC Mobile Device Security Analyst (GMOB)

Awarded CVEs

In the last few years, zLabs has discovered and responsibly disclosed more mobile vulnerabilities than all other major competitors combined. Beginning in 2017, here is the growing list:
CVE Year Researcher Platform Severity
CVE 2020-9773 2020 Chilik Tamir iOS Unassigned
CVE 2020-992 2020 Nikias Bassen iOS Unassigned
CVE-2020-3831 2020 Chilik Tamir iOS Unassigned
CVE-2019-8545 2019 Adam Donenfeld iOS Unassigned
CVE-2019-8804 2019 Christy Mathew iOS Unassigned
CVE-2019-14041 2019 Tamir Zahavi-Brunner Qualcomm Unassigned
CVE -2019-14040 2019 Tamir Zahavi-Brunner Qualcomm Unassigned
CVE-2018-4282 2018 Adam Donenfeld iOS Unassigned
CVE-2018-9411 2018 Tamir Zahavi-Brunner Android Unassigned
CVE-2018-9539 2018 Tamir Zahavi-Brunner Android Unassigned
CVE-2018-16522 2018 Ori Karliner FreeRTOS Unassigned
CVE-2018-16525 2018 Ori Karliner FreeRTOS Unassigned
CVE-2018-16526 2018 Ori Karliner FreeRTOS Unassigned
CVE-2018-16528 2018 Ori Karliner FreeRTOS Unassigned
CVE-2018-16523 2018 Ori Karliner FreeRTOS Unassigned
CVE-2018-16524 2018 Ori Karliner FreeRTOS Unassigned
CVE-2018-16527 2018 Ori Karliner FreeRTOS Unassigned
CVE-2018-16599 2018 Ori Karliner FreeRTOS Unassigned
CVE-2018-16600 2018 Ori Karliner FreeRTOS Unassigned
CVE-2018-16601 2018 Ori Karliner FreeRTOS Unassigned
CVE-2018-16602 2018 Ori Karliner FreeRTOS Unassigned
CVE-2018-16603 2018 Ori Karliner FreeRTOS Unassigned
CVE-2018-16598 2018 Ori Karliner FreeRTOS Unassigned
CVE-2018-4109 2018 Adam Donenfeld iOS Unassigned
CVE-2018-4087 2018 Rani Idan iOS Unassigned
CVE-2018-4095 2018 Rani Idan iOS Unassigned
CVE-2017-13253 2017 Tamir Zahavi Brunner Android High
CVE-2017-6999 2017 Adam Donenfeld iOS 7.8
CVE-2017-6998 2017 Adam Donenfeld iOS 7.8
CVE-2017-6997 2017 Adam Donenfeld iOS 7.8
CVE-2017-6996 2017 Adam Donenfeld iOS 7.8
CVE-2017-6995 2017 Adam Donenfeld iOS 7.8
CVE-2017-6994 2017 Adam Donenfeld iOS 7.8
CVE-2017-6989 2017 Adam Donenfeld iOS 7.8
CVE-2017-6979 2017 Adam Donenfeld iOS 7.0
CVE-2017-5054 2017 Nicolas Trippar Android 8.8

Get started with Zimperium today