CVE-2015-3864 Metasploit module now available for testing

By: Zuk Avraham Follow Zuk Avraham (@ihackbanme) Joshua DrakeFollow Joshua Drake (@jduck) Last year, we disclosed a series of critical vulnerabilities within Android’s multimedia processing code — libstagefright. We promised to release the exploit for testing purposes and quickly published our exploit for CVE-2015-1538 targeting the Galaxy Nexus running Android 4.0.4. We delivered this exploit … Read More

Zimperium Partners with BlackBerry to Provide Mobile Threat Detection

I am very excited our strategic partnership with BlackBerry is gaining momentum. zIPS and BlackBerry’s Good Dynamics Secure Mobility Platform and BES12 are integrated to deliver enterprise and government customers with comprehensive mobile threat detection, risk analysis and prevention for both iOS and Android devices.  “Good Dynamics and BES12 integrated with Zimperium zIPS offers comprehensive threat detection, … Read More

Understanding – “Pegasus” a Targeted Attack Remotely Infecting iOS Devices

Pegasus is a sophisticated trojan targeting the iOS platform. It provides an attacker abilities to remotely monitor and capture communication from a device (including calls, texts, Whatsapp, Viber, etc). A successful attack transforms a device running iOS into a powerful surveillance tool. This is a persistent attack and enables an attacker to remotely update and … Read More

Analysis of multiple vulnerabilities in different open source BTS products

Background By:Simone Margaritelli Follow Simone Margaritelli (@evilsocket)        Zimperium zLabs Follow Zimperium zLabs (@zLabsProeject) During the last weeks we’ve been investigating multiple aspects of GSM security such as protocol vulnerabilities as well as source auditing the world’s most common open source software products that run GSM networks. In this post we’ll share the details about multiple vulnerabilities … Read More

What is Quadrooter?

‘Quadrooter’ is a group of four vulnerabilities affecting  specific Android devices leveraging the Qualcomm chipset and associated driver code. These four vulnerabilities are a small part of the 36 vulnerabilities reported from the same class of bug (privilege escalation) for the same vendor (Qualcomm) that were fixed as part of August 5th Android Nexus monthly … Read More