WifiDemon Zero-Click iOS Vulnerability: Zimperium Customers Are Protected

Share this blog

On July 17, 2021, the world became aware of WifiDemon, a critical zero-touch remote-code execution vulnerability impacting iOS devices. Research conducted and published by the ZecOps Mobile EDR team has proven that what was thought to be a network crash bug is in actuality a security risk for iOS devices. Variations of the vulnerability impact iOS 14.0 to 14.6, meaning even the newest versions of iOS are still at risk until Apple releases a patch and update.

The research team at ZecOps is reporting that the network crash issue is actually an unpatched zero-day vulnerability enabling attackers to remotely execute code on the victim’s phone or tablet without any interaction or notification for the end-user. While the zero-click component of the vulnerability was patched with iOS 14.4, newer versions of the mobile OS are still at risk to the zero-day remote code execution vulnerability.

The Zimperium team has verified the ZecOps research data and has verified that devices running Zimperium zIPS on iOS customers are protected against this zero-touch, zero-day vulnerability. No further action is necessary for Zimperium customers against this risk.

July 20, 2021 Update: Apple has confirmed that iOS 14.7 addresses and patches these vulnerabilities.

About Zimperium

Zimperium, the global leader in mobile security, offers the only real-time, on-device, machine learning-based protection against Android, iOS, and Chromebook threats. Powered by z9, Zimperium provides protection against device, network, phishing, and malicious app attacks. For more information or to schedule a demo, contact us today.

Get started with your Zimperium trial today

Qualified organizations will try zIPS, Zimperium's mobile threat defense solution, for free and receive recommendations on how to immediately remediate issues and alleviate risks. This includes 3 steps:

[gravityform id="2" ajax="true"]