Last Monday, security researchers from iOS jailbreak firm, Pangu Lab, announced a vulnerability that they believe affects around 10% of all iOS apps. In a blog on its newly created information site, https://zipperdown.org/ , Pangu stated that its researchers noticed “a common programming error, which leads to severe consequences such as data overwritten and even code execution in the context of affected Apps.” Pangu calculated that the infected apps may expose 100 million users or more. To avoid leaking the details of the programming error, Pangu named it “ZipperDown”.
What follow is a brief description of the vulnerability (as it is known today), and then a description of how zIPS (powered by the most effective and complete mobile machine learning engine in the world, z9) detects exploitation attempts on the device. The end result is that zIPS users are safe without any updates.
Preliminary ZipperDown Analysis
According to Pangu, “To protect the end-users, the detail of ZipperDown is not available to the public for now.” However, our researchers have discussed the vulnerability / programming error with Pangu, and believe that the issue lies in a 3rd party library that many apps are using. It is our team’s assessment that ZipperDown is not about malware, but about a vulnerability being exploited in several apps via a MITM on the network.
How Zimperium Helps Combat ZipperDown
Zimperium zIPS, powered by z9, detects MITMs and the exploits that can leverage ZipperDown, and can prevent them from executing via customer-defined policy enforcement.
Zimperium’s on-device, machine learning-based detection has many advantages. One of which is Zimperium’s full “Kill Chain” detection, wherein z9 detects attacks at multiple steps, without any updating or signatures. In this case, z9 detects MITMs and any exploits attempting to elevate privileges and compromise the device.