ZipperDown vulnerability puts thousands of iOS apps at risk
|Christian Hargrave in iOS Tuesday, May 22, 2018|
ZipperDown iOS vulnerability poses risk to thousands of applications on the market, leaving companies scrambling to make security updates.
“The ZipperDown disclosure from Pangu Lab finds that approximately 16,000 iOS applications are potentially vulnerable to security flaw that, in the worst cases, would allow an attacker to execute malicious code on a mobile device.
ZipperDown is not a "bug" per se, nor does it seem to be an issue in iOS itself; It’s the discovery of a common developer anti-pattern, or a commonly accepted development practice that turns out to be vulnerable. At Bugcrowd, we refer to instances such as Zipperdown as “0-day behavior” since they aren’t 0-days (i.e. one mistake in one piece of code that many people use), but can have a similar magnitude of impact. Anti-patterns like ZipperDown occur because the risk of a vulnerability is unknown it takes a hacker to discover, understand, and then educate the builders of these patterns and their overall impact. Until the vulnerability created by the anti-pattern is surfaced, developers continue introducing it into the wild.
A similar famous example of an anti-pattern is the "Covert Redirect" flaw within OAuth protocols which was uncovered in 2014. As is the norm with this type of vulnerability, it takes a crowd to find it, and for those building software to take this feedback on in order to fix it.
iOS is considered one of the more resilient operating systems, and people commonly use their phones and tablets on unsecured Wi-Fi in hotels, airports, bars and planes so it’s important that the operating itself is secure. I'm happy to see this class of issues being discussed as it brings awareness to a broader consumer audience, and I expect to see a flurry of app updates on my phone over the next few days.”
This guide titled, "100 Questions and Answers to help you land your Dream iOS Job" can help you through some further questions related to landing a job related to iOS. With 100 Questions and Answers categorized by seniority and with reviews from some of the top iOS engineers worldwide, this book will level up how you make interviews for your favorite platform.
Are you paying more taxes than you have to as a developer or freelancer? The IRS is certainly not going to tell you about a deduction you failed to take, and your accountant is not likely to take the time to ask you about every deduction you’re entitled to. As former IRS Commissioner Mark Everson admitted, “If you don’t claim it, you don’t get it.
Get hands-on experience in performing simple to complex mobile forensics techniques Retrieve and analyze data stored not only on mobile devices but also through the cloud and other connected mediums A practical guide to leveraging the power of mobile forensics on popular mobile platforms with lots of tips, tricks, and caveats.
Write and run code every step of the way, using Android Studio to create apps that integrate with other apps, download and display pictures from the web, play sounds, and more. Each chapter and app has been designed and tested to provide the knowledge and experience you need to get started in Android development.