Pangu Lab warns of security bug in iOS apps

May 17, 2018 09:34 GMT

Pangu Lab, a team of researchers mostly known for their iPhone jailbreak tools, warns that a bug in thousands of iOS apps could leave millions of iPhones vulnerable.

Codenamed ZipperDown, the vulnerability might exist in approximately 10% of all iOS apps available for download right now, and Pangu says it could allow for data overwrite or code execution in the context of affected apps.

While the flaw could bring attackers a major step closer to hijacking iPhones, Pangu says that the sandbox Apple implemented limits its effects. A similar bug also exists on Android, but further information will be shared at a later time, the company said.

Devs need to reach out to Pangu to get more info

After scanning a total of 168,951 iOS apps, Pangu says the vulnerability may exist in 15,978 of them, though manual inspection is required to confirm each case. Pangu explains that developers of the affected apps need to contact the team directly for more information on how to address the vulnerability. Several high-profile names are said to be impacted, including Weibo.

The way the bug can be exploited depends on each affected app, but the team of researchers explains that traffic hijacking and spoofing could be employed in attacks.

“Among the potentially affected Apps, we manually verified that many popular apps including Weibo, MOMO, NetEase Music, QQ Music and Kwai, are truly affected. These Apps have more than 100 million users. To avoid leaking the details of the programming error, we named it ZipperDown,” Pangu says.

Details aren’t public right now, so users shouldn’t be exposed to any kind of attacks, and the group says it’s willing to work with developers on addressing the problems.

No specifics were provided on the Android vulnerability, so it remains to be seen how vulnerable Google’s mobile operating system is, and how many apps could be compromised, compared to Apple’s iOS.