zLabs Advanced Mobile Security Research and Exploitation Team

The zLabs Advanced Research and Exploitation team is the world’s most qualified and talented collection of researchers focused 100% exclusively on mobile. With backgrounds at companies ranging from eBay and Samsung to Microsoft and Freescale, zLabs researchers are setting the bar for the industry. zLabs researchers discovered and documented attacks such as Stagefright on Android, zIVA on iOS and provided detailed analysis of the FreeRTOS TCP/IP Stack Vulnerabilities. The team have responsibly disclosed more iOS and Android vulnerabilities than all other major competitors combined.

Zimperium’s zLabs team is a key member of the App Defense Alliance. Leveraging our extensive mobile security research expertise and some of the most renown security researchers in the world, zLabs is working with Google to ensure apps entering the Play Store are free of malicious content. Learn more about it here.

Awards & Recognition

The team's awards, certifications, specialized training and recognition are unparalleled in mobile security. Here is just a subset:

Adobe Independent Security Researchers

AT&T Bug Bounty Hall of Fame

Barracuda Networks BugBounty Hall of Fame

BitDefender Hall of Fame

Hack in the Box 2017 Machine Learning Competition, 1st Prize

Certified Ethical Hacker

CoinBase BugBounty Hall of Fame

Computer Hacking Forensic Investigator

cPanel Full Disclosure

eBay Security Researchers

Certified Security Analyst

edX Certificate, Distributed Machine Learning with Apache Spark

EKOPARTY CTF – 1st PLACE

Envato Helpful Hacker

Friends of Offensive Security

Google Application Security Hall of Fame

Kaneva Whitehat Hall of Fame

Microsoft Certified IT Professional Enterprise Administrator

Microsoft Certified IT Professional Server Administrator

Microsoft Security Acknowledged Researchers

MIT: Tackling the Challenges of Big Data, Certificate

Nokia Responsible Disclosure Hall of Fame

Olark Responsible Disclosure Program Special Thanks

PayPal Wall of Fame, Top 10 Researchers

Stanford: Cryptography, Certificate

Stanford: Machine Learning, Certificate

Twitter’s Top Hackers on HackerOne

Zynga Security Whitehat Hall of Fame

SANS GIAC Reverse Engineering Malware (GREM)

GIAC Mobile Device Security Analyst (GMOB)

Awarded CVEs

In the last few years, zLabs has discovered and responsibly disclosed more mobile vulnerabilities than all other major competitors combined. Beginning in 2017, here is the growing list:
CVEYearResearcherPlatformSeverity
CVE 2020-97732020Chilik TamiriOSUnassigned
CVE 2020-9922020Nikias BasseniOSUnassigned
CVE-2020-38312020Chilik TamiriOSUnassigned
CVE-2019-85452019Adam DonenfeldiOSUnassigned
CVE-2019-88042019Christy MathewiOSUnassigned
CVE-2019-140412019Tamir Zahavi-BrunnerQualcommUnassigned
CVE -2019-140402019Tamir Zahavi-BrunnerQualcommUnassigned
CVE-2018-42822018Adam DonenfeldiOSUnassigned
CVE-2018-94112018Tamir Zahavi-BrunnerAndroidUnassigned
CVE-2018-95392018Tamir Zahavi-BrunnerAndroidUnassigned
CVE-2018-165222018Ori KarlinerFreeRTOSUnassigned
CVE-2018-165252018Ori KarlinerFreeRTOSUnassigned
CVE-2018-165262018Ori KarlinerFreeRTOSUnassigned
CVE-2018-165282018Ori KarlinerFreeRTOSUnassigned
CVE-2018-165232018Ori KarlinerFreeRTOSUnassigned
CVE-2018-165242018Ori KarlinerFreeRTOSUnassigned
CVE-2018-165272018Ori KarlinerFreeRTOSUnassigned
CVE-2018-165992018Ori KarlinerFreeRTOSUnassigned
CVE-2018-166002018Ori KarlinerFreeRTOSUnassigned
CVE-2018-166012018Ori KarlinerFreeRTOSUnassigned
CVE-2018-166022018Ori KarlinerFreeRTOSUnassigned
CVE-2018-166032018Ori KarlinerFreeRTOSUnassigned
CVE-2018-165982018Ori KarlinerFreeRTOSUnassigned
CVE-2018-41092018Adam DonenfeldiOSUnassigned
CVE-2018-40872018Rani IdaniOSUnassigned
CVE-2018-40952018Rani IdaniOSUnassigned
CVE-2017-132532017Tamir Zahavi BrunnerAndroidHigh
CVE-2017-69992017Adam DonenfeldiOS7.8
CVE-2017-69982017Adam DonenfeldiOS7.8
CVE-2017-69972017Adam DonenfeldiOS7.8
CVE-2017-69962017Adam DonenfeldiOS7.8
CVE-2017-69952017Adam DonenfeldiOS7.8
CVE-2017-69942017Adam DonenfeldiOS7.8
CVE-2017-69892017Adam DonenfeldiOS7.8
CVE-2017-69792017Adam DonenfeldiOS7.0
CVE-2017-50542017Nicolas TripparAndroid8.8

Get started with Zimperium today