Researcher: Chilik Tamir (@_coreDump) Recently, Zimperium blogged about the new WhatsApp vulnerability disclosed by Facebook on May 13th. This vulnerability was reportedly exploited in the wild, and it was designated as CVE-2019-3568. A previous post by Zimperium gave some preliminary information about the vulnerability, impacted WhatsApp products, an alleged exploit and how Zimperium could … Read More
Posts in "Threat Research"
Summary A local user may be able to cause unexpected system termination or read kernel memory. Details In the function IOHIDEventServiceFastPathUserClient::getSharedMemorySize, the ClientObject (Offset 0xE0 of the user client) is given to a function which assumes it is initialised (It should be initialised via external method 0 — IOHIDEventServiceFastPathUserClient::_open). Calling IOConnectMapMemory64 without calling _open (or … Read More
A new WhatsApp vulnerability has attracted the attention of the press and security professionals around the world. Zimperium zLabs will be creating a detailed blog soon, but we wanted to provide our readers with preliminary information now. What follows is a quick summary of the vulnerability. It has been rumored that the vulnerability was exploited … Read More
Nicolás Chiaraviglio (@chiconara) We recently blogged about attacks perpetrated at WiFi networks in Barcelona before and during the 2019 Mobile World Congress (MWC). We found an astonishing amount: estimating more than 7,000 threats in less than four days. Furthermore, 25 percent of those threats were detected in hotels, and of those, 70 percent were at 5 Star Hotels. … Read More
Analysis & Post By: Alex Calleja (@alximw) Matteo Favaro (@fvrmatteo) Advertising and click fraud campaigns are one of the most common mobile malware-based monetization techniques. Although they are considered a lawful income source in most app markets, they can put the user’s privacy at risk and even cause economic damage. Once again, Zimperium’s machine-learning based solution, … Read More