Casa > cibernético Notícias > ZipperDown Vulnerability Affects About 10% do iOS Apps
CYBER NEWS

Vulnerabilidade ZipperDown afeta cerca de 10% do iOS Apps

image vulnerabilidade ZipperDown

Especialistas em segurança descobriram um bug perigosa que afeta aplicativos construídos para infra-estrutura de software móvel da Apple. De acordo com a informação publicada a vulnerabilidade ZipperDown afeta cerca de 10% de todos os aplicativos iOS lançado publicamente. É possível que esse erro pode funcionar em dispositivos Android, bem.

Vulnerabilidade ZipperDown Strikes iOS Apps

A descoberta de ZipperDown foi anunciada pelo Pangu Lab que, desde então, criou um site especialista em dar mais detalhes sobre o assunto. A análise de código de seus clientes revelou um erro de programação muito comum que levou a conseqüências perigosas quando novamente revistas. To give out further details about it’s spread the team has devised a special signature that can detect the problem in iOS apps. A scan was conducted using it on a specialist application analysis platform and the results show that por aí 10% of all iOS apps might be affected .

The platform cannot give out a 100% certainty however these figures are taken as credible enough to issue a warning across the whole security community. Some of the affected programs include even those that have more than 100 million active users: Weibo, MOMO< NetEas Music, QQ Muiic and Kwai. Exact details about the way ZipperDown operates are not disclosed at this moment in order to protect end-users. The security experts will work with all vendors that may have concerns about vulnerabilities in their products and services.

Story relacionado: pesquisadores encontram 274 Vulnerabilidades no Top 50 Android Compras Apps

Details About The ZipperDown Vulnerability

As the detected Zipperdown vulnerability is described as a common programming language error the developers have also prepared a detector tool that is compatible with Android apps. At this moment there is no information available on specific vulnerable apps. The team has confirmed that some software may be impacted however details on this are due to be released.

Vulnerable iOS and Android apps can lead to several dangerous outcomes including modificação de dados and even overwrite, assim como execução de código arbitrário. In such cases the ZipperDown vulnerability has been observed to be limited by the sandbox environments used in both operating systems — Android and iOS.

Some issues that hinder the proper security assessment is the fact that the produced signatures might showcase many false negatives. This is the reason why a thorough manual code investigation is advised. The ZipperDown vulnerability can be exploited via different methods however the most common are traffic hijacking e spoofing.

To this date there are no reported incidents as the bug has just been discovered. Given this it is very possible that actual attacks are to be caused using complex scenarios. ZipperDown exploits will probably be performed using other malicious components as well in a several-tier behavior pattern.

We expect that vendors will mitigate the ZipperDown vulnerability in due time to prevent any security incidents.

Martin Beltov

Martin formou-se na publicação da Universidade de Sofia. Como a segurança cibernética entusiasta ele gosta de escrever sobre as ameaças mais recentes e mecanismos de invasão.

mais Posts

Me siga:
Twitter

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

Compartilhar no Facebook Compartilhar
Carregando...
Compartilhar no Twitter chilrear
Carregando...
Compartilhar no Google Plus Compartilhar
Carregando...
Partilhar no Linkedin Compartilhar
Carregando...
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Carregando...
Partilhar no StumbleUpon Compartilhar
Carregando...