Detecting an extremely dangerous vulnerability on nearly 16,000 iOS applications

Apps with high download volume and users of over 100 million people like Instagram, Amazon, Twitter and Dropbox are likely to be affected.

Detecting an extremely dangerous vulnerability on nearly 16,000 iOS applications

ZipperDown, a serious security vulnerability that exists in iOS apps, was discovered by a group of security experts called Pangu Lab. Taking advantage of this vulnerability, hackers can overwrite data or run dangerous code on the application. Users' devices may be in danger if downloaded one of the applications that has ZipperDown attached.

According to security experts, there are about 9,978 iOS applications that exist in the aforementioned flaws, accounting for about 10% of existing iOS applications on the App Store. Notably, apps with high download volume and users of over 100 million people like Instagram, Amazon, Twitter and Dropbox are likely to be affected by ZipperDown, while apps like Weibo, QQ Music, MOMO, NetEase Music, and Kwai, . have been identified as containing vulnerabilities long ago.

Detecting an extremely dangerous vulnerability on nearly 16,000 iOS applications Picture 1

Depending on the application, hackers can exploit vulnerabilities to attack in different directions, but the most common is still control and fake connection to the device to enable remote malicious code via the network. cord.

Developers need to contact the Pangu team to verify if their application contains a vulnerability, thus finding a suitable solution.

See more:

Intel's chip has eight new serious vulnerabilities
Detecting zero-day vulnerabilities in Internet Explorer helps hackers gain control of the computer
Only charging the battery through a computer, your iPhone may also be hacked

Warning: Detecting a very serious vulnerability in Cyberoam, a common firewall system in Vietnam
vsec is broadcasting a warning about an extremely dangerous vulnerability with the code name cve-2019-17059 on cyberoam.
Warning of dangerous Spring4Shell vulnerability, there are signs of scanning and exploiting
spring has just released an urgent update to patch the spring4shell remote code execution zero-day vulnerability. information about this vulnerability was leaked on the internet before the patch was released.
VMware patches RCE Spring4Shell vulnerability on a wide range of products
vmware has released a number of security updates to patch remote code execution for a dangerous vulnerability called spring4shell in the company's virtual machine and cloud products.
Internet Explorer crashed extremely dangerous, Microsoft released an emergency patch
yesterday, microsoft had to release an emergency update to patch an extremely serious internet explorer vulnerability, even though the browser is no longer being used by users.
Detecting a new Linux vulnerability allows hackers to gain control of the VPN connection
international security researchers have found an entirely new linux vulnerability that allows potential attackers to hijack vpn connections on the device * nix and 'inject' the arbitrary data payload into it. tcp4 and ipv6 streams.
Detecting zero-day vulnerability in the Dropbox 10 Windows app, users pay attention!
a group of free security researchers recently announced the zero-day vulnerability in the dropbox version of the windows app.
Microsoft fixes 'dangerous' errors for Windows
yesterday (march 10) microsoft released an update to block an extremely dangerous vulnerability in the kernel of almost every version of windows operating system.
Detecting a vulnerability that makes 3,000 companies using Microsoft Azure vulnerable to hackers reading data over the past 2 years
using microsoft azure can help companies better secure their data. however, a newly discovered vulnerability shows the opposite result.
Patches of dangerous vulnerabilities being exploited by hackers contain dangerous holes and then continue to be exploited by hackers
not long after the log4j vulnerability was discovered, the patch was released. however, the irony is that this patch has holes.
Detecting WhatsApp flaws allows an attacker to access files on the machine
this is a cross-site scripting (xss) vulnerability.
Detecting an 8-year-old security flaw, affecting 150 HP printer models
researchers have discovered several security vulnerabilities affecting at least 150 models of hp multifunction printers (print, scan, fax).
How to detect malicious apps on Android
installing applications outside of google play is often potentially risky, making users more likely to steal personal data and money. therefore, the detection of malicious applications on android phones will help you distinguish what will be a safe application, where the application contains malicious code, thereby minimizing the download of dangerous applications. security and protection of android devices become safer.