Chinese iOS jailbreakers called the Pangu Team have found a vulnerability that affects almost 10% of iOS apps in the store. The attack can wipe users data when the code is being executed.
The vulnerability has been named ZipperDown although the researchers didn’t give out any technical details because the vulnerability is still in the wild, the team are currently asking the app developers to contact them privately for technical details of the vulnerability so that they can test their applications for the presence of the vulnerability.
The Pangu Team found multiple iOS apps that are vulnerable to ZipperDown. They have built a mobile threat intelligence platform called Janus to perform deep and wider scans and the platform has tested 168,951 apps and out of them, 15,978 were found vulnerable. The security flaw is not new but the Pangu Team were not expecting so many applications to be affected by it. The effect of the Zipperdown depends on the app permissions given by the user. “In general, attackers could overwrite the affected app’s data, or even gain code execution in the context of the affected app.”
The developers will hopefully fix their applications and correct the error where needed but in general, it is preferred for the users to use a Virtual Private Network for their own safety as this service prevents traffic spoofing and other man-in-middle attacks.
Take your time to comment on this article.