Security News ZipperDown Vulnerability May Impact 10% of All iOS Apps

[LASER_oneXM]

Content source

https://www.bleepingcomputer.com/news/apple/zipperdown-vulnerability-may-impact-10-percent-of-all-ios-apps/

Security researchers from Pangu Lab, a well-known company that provides iOS jailbreaks, said on Monday that they have found a vulnerability that they believe affects around 10% of all iOS apps.

Researchers described the issue —which they named ZipperDown— as "a common programming error, which leads to severe consequences such as data overwritten and even code execution in the context of affected apps."

15,978 out of 168,951 iOS apps are most likely affected

Pangu Lab said it created an automated scan rule to search for ZipperDown in iOS apps. Researchers found that 15,978 out of the total of 168,951 iOS apps they scanned appeared to be impacted by the ZipperDown vulnerability, although, apps need to be manually inspected to confirm that they are affected.

Android also affected

Pangu Lab researchers also said that Android applications are also affected by similar issues and that they will release more details in the future.
The good news is that exploiting ZipperDown is not as straightforward as other vulnerabilities and an attacker must be in a network position to hijack or spoofing traffic to the device.
Furthermore, "the sandbox on both iOS and Android can effectively limit ZipperDown’s consequence," researchers said.