The newly discovered ZipperDown vulnerability may allow an remote code execution on iOS apps. It affects 15,978 out of 168,951 iOS apps (around 10%) in total.
Pangu Lab detected the vulnerability and they named it named it ZipperDown “common programming error, which leads to severe consequences such as data overwritten and even code execution in the context of affected Apps.”
ZipperDown is a very typical programming error that could allow attackers to overwrite the affected app’s data, or even gain code execution in the context of the affected app.
The good news here is that the Execution of the Vulnerability is complicated. The attacker should have the control over the wireless network where the device connected and the affected app should run out of the sandbox.
According to Pangu Lab researchers analysis, the vulnerability affects some famous apps including Weibo, MOMO, NetEase Music, QQ Music and Kwai that are downloaded by more than 100 million users.
The ZipperDown vulnerability details were not disclosed in public to protect the end users, researchers recommend app developers to contact them for more details on ZipperDown.
Also Read DNS Hijacking Method Used by Powerful Malware to Hack Android, Desktop & iOS Devices
Pangu Lab researchers said Android users also affected, according to their analysis with the popular Android apps have the similar issues. Android developers can check the vulnerability with ZipperDown Vulnerability Detector for Android, but it may have high false positives.
At this time there is no All-In-One detection for this vulnerability and the researchers recommend the manual inspection to confirm it.
GitLab has announced the release of critical security updates for its Community Edition (CE) and…
Multiple Xerox printer models, including EC80xx, AltaLink, VersaLink, and WorkCentre, have been identified as vulnerable…
Cisco has issued a critical security advisory regarding a vulnerability in its Adaptive Security Appliance…
Google has released several security patches for its Chrome browser, addressing critical vulnerabilities that malicious…
Grayscale Investments, a prominent crypto asset manager, has reportedly suffered a data breach affecting 693,635…
A database containing over 1,000 email accounts associated with the National Health Service (NHS) has…