Posts in "Research"

Zimperium Announces Its Exploit Acquisition Program for N-Days

Your million dollar 0day just got burned and now worth nothing? No worries – we are still interested in your exploit. The value of 0days can range from a few thousands to even a million dollars for a full remote exploit chain and many companies and governments are willing to buy them. The problem with … Read More

Read More

Analysis of multiple vulnerabilities in AirDroid

By: Simone Margaritelli Follow Simone Margaritelli (@evilsocket)    Zimperium zLabs   Follow Zimperium zLabs (@zLabsProject) Analysis of multiple vulnerabilities in AirDroid Reported by: Simone Margaritelli Security Researcher at Zimperium zLabs Edit: 11:02AM PDT: added exploit POC code below the disclosure timeline. Edit2: 06:01PM PDT: edited timeline to reflect 4.0.0 and 4.0.1 release dates and confirming that both versions … Read More

Read More

CVE-2015-3864 Metasploit module now available for testing

By: Zuk Avraham Follow Zuk Avraham (@ihackbanme) Joshua DrakeFollow Joshua Drake (@jduck) Last year, we disclosed a series of critical vulnerabilities within Android’s multimedia processing code — libstagefright. We promised to release the exploit for testing purposes and quickly published our exploit for CVE-2015-1538 targeting the Galaxy Nexus running Android 4.0.4. We delivered this exploit … Read More

Read More

Analysis of multiple vulnerabilities in different open source BTS products

Background By:Simone Margaritelli Follow Simone Margaritelli (@evilsocket)        Zimperium zLabs Follow Zimperium zLabs (@zLabsProeject) During the last weeks we’ve been investigating multiple aspects of GSM security such as protocol vulnerabilities as well as source auditing the world’s most common open source software products that run GSM networks. In this post we’ll share the details about multiple vulnerabilities … Read More

Read More

What is Quadrooter?

‘Quadrooter’ is a group of four vulnerabilities affecting  specific Android devices leveraging the Qualcomm chipset and associated driver code. These four vulnerabilities are a small part of the 36 vulnerabilities reported from the same class of bug (privilege escalation) for the same vendor (Qualcomm) that were fixed as part of August 5th Android Nexus monthly … Read More

Read More