Currently browsing: Threat Research

CVE-2018-4282: Out-of-bounds read vulnerability in AppleT8015PPM.kext

Researchers: Adam Donenfeld (@doadam) Relevant Operating Systems: iOS, tvOS and watchOS CVE: CVE-2018-4282   Summary As a part of our ongoing mobile platform research, zLabs recently discovered a read-out-of-bounds vulnerability in the AppleT8015PPM.kext that allows an attacker to read out of its supplied structureInput. The read data is being used […]

Read more

FreeRTOS TCP/IP Stack Vulnerabilities Put A Wide Range of Devices at Risk of Compromise: From Smart Homes to Critical Infrastructure Systems

Researchers: Ori Karliner (@oriHCX) Relevant Operating Systems: FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), AWS FreeRTOS up to V1.3.1, WHIS OpenRTOS and SafeRTOS (With WHIS Connect middleware TCP/IP components) . CVE List: [wpsm_comparison_table id=”4″ class=””] As a part of our ongoing IoT platform research, zLabs recently analyzed some of the leading […]

Read more

Fake Play Market: Zimperium’s z9 against Social Engineering Attack Vectors

Analysis & Post By: Alex Calleja (@alximw) Matteo Favaro (@fvrmatteo) Introduction Since the beginning of 2018, researchers in Zimperium’s zLabs have been tracking a rise in the frequency and sophistication of applications that have been loaded outside of the official Google Play Store. Many of these have leveraged social engineering techniques […]

Read more

zLabs at HITB Singapore: The Road to iOS Sandbox Escape

This week at HITB Singapore, Zimperium zLabs’ security researcher, Rani Idan (@raniXCH), is conducting a session titled “The Road to iOS Sandbox Escape.” Rani’s fellow zLab’s researcher, Adam Donenfeld (@doadam), is also conducting a session titled “Viewer Discretion Advised: (De)coding an iOS Vulnerability.” Here is the abstract for Rani’s session. We will post the recording of the session […]

Read more

zLabs at HITB Singapore: (De)coding an iOS Vulnerability

This week at HITB Singapore, Zimperium zLabs’ security researcher, Adam Donenfeld (@doadam) is conducting a session titled “Viewer Discretion Advised: (De)coding an iOS Vulnerability.” Another zLabs researcher, Rani Idan (@raniXCH), is also doing a session titled “The Road to iOS Sandbox Escape.” Here is the abstract for Adam’s session. We will post the recording of the session when it […]

Read more

zLabs at BSides Las Vegas: Where Android security helps and fails

This week at BSides Las Vegas, zLabs’ security researcher, Tamir Zahavi-Brunner (@tamir_zb) is conducting a session titled “Treble or Trouble: Where Android’s latest security enhancements help, and where they fail.” Tamir’s work is another example of why zLabs is recognized as the world’s most qualified and talented collection of researchers focused 100% exclusively on mobile Here […]

Read more

aLTEr: POC Exploit of LTE Layer Two

Long Term Evolution (LTE) is the latest mobile telephony standard designed to bring many security improvements over the predecessor standard known as the Global System for Mobile (GSM). In a new research paper, security researchers from Ruhr-Universität Bochum and New York University Abu Dhabi outline attacks that could allow sophisticated […]

Read more

RAMpage: The Latest Rowhammer-esque Android Vulnerability

On June 28th, a group of eight academics across three different universities released a research paper outlining a new Android vulnerability called “RAMpage”.  It’s a variation of previous attacks that use the Rowhammer hardware vulnerability to run malicious code by changing what’s stored in a device’s memory (RAM) and has […]

Read more

The New zANTI: Mobile Penetration & Security Analysis Toolkit

zANTI is an easy to use penetration testing and a security analysis toolkit. With zANTI you can simulate real-world, commonly-used malicious cyberattack techniques. Using zANTI, you will quickly discover unsafe elements in your networks, and in your devices that are connected to those networks. Using zANTI, you will understand unsafe conditions on your devices in three […]

Read more

Get started with Zimperium today