WifiDemon Zero-Click iOS Vulnerability: Zimperium Customers Are Protected

On July 17, 2021, the world became aware of WifiDemon, a critical zero-touch remote code execution vulnerability impacting iOS devices. Research conducted and published by the ZecOps Mobile EDR team has shown that what was thought to be a network crash bug is in fact a security risk for iOS devices. Variations of the vulnerability impact iOS 14.0 to 14.6, meaning even the newest versions of iOS are still at risk until Apple releases a patch and update.

The research team at ZecOps is reporting that the network crash issue is actually an unpatched zero-day vulnerability enabling attackers to remotely execute code on the victim’s phone or tablet without any interaction from, or notification to, the end user. While the zero-click component of the vulnerability was patched with iOS 14.4, newer versions of the mobile OS are still at risk from the zero-day remote code execution vulnerability.

The Zimperium team has verified the ZecOps research data and confirmed that customers running Zimperium zIPS on iOS devices are protected against this zero-touch, zero-day vulnerability. No further action is necessary for Zimperium customers against this risk.

About Zimperium

Zimperium, the global leader in mobile security, offers the only real-time, on-device, machine learning-based protection against Android, iOS, and Chromebook threats. Powered by z9, Zimperium provides protection against device, network, phishing, and malicious app attacks. For more information or to schedule a demo, contact us today.

The post WifiDemon Zero-Click iOS Vulnerability: Zimperium Customers Are Protected appeared first on Zimperium Mobile Security Blog.
