In recent weeks, more news has come out about vulnerabilities affecting Apple devices. In the following article, we present some details about these findings and some important lessons we can learn from them.
Currently browsing: iOS
Zimperium and Intertrust Partner to Provide End-to-End Security for IoT devices
Zimperium and Intertrust’s partnership offers best-in-class protection for edge devices in trusted data ecosystems Today, Zimperium and Intertrust announced a partnership to provide end-to-end security and data management for IoT devices, apps and media services operating in Zero Trust environments. Under the terms of the partnership, Intertrust will offer Zimperium’s […]
Why the Software Bill Of Materials(SBOM) Must Extend to the Mobile App Supply Chain
Supply Chain attacks are not a new problem, but their frequency has been increasing since 2013 when Target was breached. But the recent attacks on SolarWinds Orion, Kaseya VSA, Accellion, Microsoft have highlighted the fact that cybercriminals have shifted their focus from the primary targets to their suppliers. Why? […]
Pegasus Spyware Resurfaces with Newly Revealed Zero-Click Vulnerability
On September 13, The Citizen Lab revealed new research surrounding the Pegasus spyware campaign, presenting further details around their discovery of a zero-click vulnerability targeting Apple devices across the entire endpoint ecosystem. In response to the disclosure, Apple has released security updates for all their devices from mobile to desktop. […]
WifiDemon Zero-Click iOS Vulnerability: Zimperium Customers Are Protected
On July 17, 2021, the world became aware of WifiDemon, a critical zero-touch remote-code execution vulnerability impacting iOS devices. Research conducted and published by the ZecOps Mobile EDR team has proven that what was thought to be a network crash bug is in actuality a security risk for iOS devices. […]
Sideloaded Applications: The Risk of Fewer Restrictions
Would you trust an application on your device from a third-party app store? Would you trust that same app store on the endpoints connected to your corporate infrastructure? The premise of a third-party app store is relatively innocent on the surface, with hundreds of repositories set up to enable mobile […]
Apple’s Upcoming iOS 14.5 Update Once Again Illustrates Mobile Threats are Real
Apple is making a new change in the way it secures the code running in its mobile operating system. This signals – yet again – that threats to mobile devices are very real. The change is currently in the beta version of the next iOS version – 14.5. It makes […]
P for Privacy – The Background Story of CVE-2020-9773
Affected Component: all iOS versions < 14.0 LSDIconCache Latest Vulnerable Version: iOS 13.7 Vendor: Apple, Inc. CVE: CVE-2020-9773 Disclosure Timeline Bug discovered: December 1st, 2019 Vendor notified: December 17th, 2019 First patch attempt: March 24th, 2020 Final patch released: September 15th, 2020 Summary A sandboxed application can circumvent updated iOS […]
c0ntextomy – Let’s Debug Together: CVE-2020-9992
Apple recently released the long awaited iOS/iPadOS 14.0 update alongside an updated Xcode 12.0. As part of this update, Apple fixed a vulnerability in the Development Tools, that was reported earlier this year as a joint effort by our Zimperium zLabs researcher and VP of Product Security Nikias Bassen, and […]
CVE-2019-8804: An inconsistency in Wi-Fi network configuration
Researcher: Christy Philip Mathew (@christypriory) Relevant Devices: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation CVE: CVE-2019-8804 Summary An attacker in physical proximity of an Apple Store or an Apple retailer may be able to force a user onto […]