Posts in "Threat Research"

WhatsApp Buffer Overflow Vulnerability: Under the Scope

Researcher: Chilik Tamir (@_coreDump)   Recently, Zimperium blogged about the new WhatsApp vulnerability disclosed by Facebook on May 13th. This vulnerability was reportedly exploited in the wild, and it was designated as CVE-2019-3568. A previous post by Zimperium gave some preliminary information about the vulnerability, impacted WhatsApp products, an alleged exploit and how Zimperium could … Read More

CVE-2019-8545 : Vulnerability in IOHIDFamily.kext

Summary A local user may be able to cause unexpected system termination or read kernel memory. Details In the function IOHIDEventServiceFastPathUserClient::getSharedMemorySize, the ClientObject (Offset 0xE0 of the user client) is given to a function which assumes it is initialised (It should be initialised via external method 0 — IOHIDEventServiceFastPathUserClient::_open). Calling IOConnectMapMemory64 without calling _open (or … Read More

Machine Learning vs Signatures, Round N: Once Again, Zimperium Detects Malware No One Else Does

Analysis & Post By: Alex Calleja (@alximw) Matteo Favaro (@fvrmatteo)     Advertising and click fraud campaigns are one of the most common mobile malware-based monetization techniques. Although they are considered a lawful income source in most app markets, they can put the user’s privacy at risk and even cause economic damage. Once again, Zimperium’s machine-learning based solution, … Read More