Posts in "Threat Research"

Fake Snapchat in Google Play Store

Introduction Zimperium discovered and reported a fake version of the popular Snapchat app in the official Google Play Store; At the time of our discovery, it was the second result when searching for “Snapchat”. The fake version of Snapchat app is using “Snap Inc .” as Company Name, with a  ” .” appended to original … Read More

Read More

Zimperium zLabs iOS Security Advisories

As part of zLab’s platform research team, I’ve tried to investigate an area of the kernel that wasn’t thoroughly researched before.  After digging into some of Apple’s closed-source kernel modules, one code chunk led to another and I’ve noticed a little-known module, which I’ve never seen before, called AppleAVE. AppleAVE was written neglecting basic security fundamentals, to the extent that the … Read More

Read More

Threat Research: zTorg Trojan Variations

This Threat Research is about two variations of the zTorg mobile trojan recently discovered in Google Play by Kaspersky researcher, Roman Unucheck. In his blog post, Unucheck described the two variations as “Magic browser” and “Noise Detector”. According to Unucheck, “Magic browser” was uploaded to Google Play on May 15, 2017 and was installed more than 50,000 times. … Read More

Read More

NDAY-2017-0106: Elevation of Privilege in NVIDIA nvhost-vic driver

By: Zuk Avraham Follow Zuk Avraham (@ihackbanme) Nicolas Trippar Follow Nicolas Trippar (@ntrippar) zNID: NDAY-2017-0106 CVE: CVE-2016-2434 Type: Elevation of Privileges Platform: Android 6.0.1 Device type: Nexus 9 Zimperium protection: Detected the exploit without an update. Zimperium partners and customers do not need to take any action to detect this exploit on all affected devices. Android bulletin: … Read More

Read More

NDAY-2017-0101: iCloud Information Leak

By: Zuk Avraham Follow Zuk Avraham (@ihackbanme) Nicolas Trippar Follow Nicolas Trippar (@ntrippar) zNID: NDAY-2017-0101 CVE: Unknown Type: Information Disclosure Platform: iOS < 10.3 Device type: iPhone, iPod iOS bulletin: https://support.apple.com/en-us/HT207617 Public release date: 25th of May, 2017 Credit: Anonymous Download Exploit (password zimperium_ndays) Vulnerability Details An XPC service com.apple.coreservices.appleid.authentication can be accessed by any application on iOS … Read More

Read More