5/22/2018 2:08:13 PM
ZipperDown vulnerability puts thousands of iOS apps at risk
iOS Apps,Vulnerability,Software Security
App Developer Magazine

ZipperDown vulnerability puts thousands of iOS apps at risk

Christian Hargrave Christian Hargrave in iOS Tuesday, May 22, 2018

ZipperDown iOS vulnerability poses risk to thousands of applications on the market, leaving companies scrambling to make security updates.

ZipperDown vulnerability has put at risk potentially thousands of iOS apps on the market. Pangu Lab recently found that a vulnerability previously discovered in OAuth security is now being exploited by hackers to run malicious code on iOS applications. Casey Ellis, CTO of Bugcrowd, recently spoke on the matter, giving an in-depth technical overview of ZipperDown to developers:

“The ZipperDown disclosure from Pangu Lab finds that approximately 16,000 iOS applications are potentially vulnerable to security flaw that, in the worst cases, would allow an attacker to execute malicious code on a mobile device.

ZipperDown is not a "bug" per se, nor does it seem to be an issue in iOS itself; It’s the discovery of a common developer anti-pattern, or a commonly accepted development practice that turns out to be vulnerable. At Bugcrowd, we refer to instances such as Zipperdown as “0-day behavior” since they aren’t 0-days (i.e. one mistake in one piece of code that many people use), but can have a similar magnitude of impact. Anti-patterns like ZipperDown occur because the risk of a vulnerability is unknown it takes a hacker to discover, understand,  and then educate the builders of these patterns and their overall impact. Until the vulnerability created by the anti-pattern is surfaced, developers continue introducing it into the wild.

A similar famous example of an anti-pattern is the "Covert Redirect" flaw within OAuth protocols which was uncovered in 2014. As is the norm with this type of vulnerability, it takes a crowd to find it, and for those building software to take this feedback on in order to fix it.

iOS is considered one of the more resilient operating systems, and people commonly use their phones and tablets on unsecured Wi-Fi in hotels, airports, bars and planes so it’s important that the operating itself is secure. I'm happy to see this class of issues being discussed as it brings awareness to a broader consumer audience, and I expect to see a flurry of app updates on my phone over the next few days.”

100 Questions and Answers to help you land your Dream iOS Job: or to hire the right candidate!

This guide titled, "100 Questions and Answers to help you land your Dream iOS Job" can help you through some further questions related to landing a job related to iOS. With 100 Questions and Answers categorized by seniority and with reviews from some of the top iOS engineers worldwide, this book will level up how you make interviews for your favorite platform.

475 Tax Deductions for Businesses and Self-Employed Individuals

Are you paying more taxes than you have to as a developer or freelancer? The IRS is certainly not going to tell you about a deduction you failed to take, and your accountant is not likely to take the time to ask you about every deduction you’re entitled to. As former IRS Commissioner Mark Everson admitted, “If you don’t claim it, you don’t get it.

The Apple AirPods with Charging Case (Latest Model)

Inside the buds, there is a newly-designed H1 chip which Apple has built specifically for the headphones. It improves connectivity pairing times, the efficiency of the battery life, and allows for hands-free "Hey Siri" functionality. New for the AirPods 2019 is the wireless charging case for the earbuds, which means you can use Qi-compatible charging mats to power the case without having to stick a cable in. 

A hands-on guide to mastering mobile forensics for iOS and Android

Get hands-on experience in performing simple to complex mobile forensics techniques Retrieve and analyze data stored not only on mobile devices but also through the cloud and other connected mediums A practical guide to leveraging the power of mobile forensics on popular mobile platforms with lots of tips, tricks, and caveats.

Gps tracker for kids

The Chirp GPS app is a top-ranked location sharing app available for Apple and Android that is super easy to use, and most of all, it's reliable.

The Latest Nerd Ranch Guide (3rd Edition) to Android Programming

Write and run code every step of the way, using Android Studio to create apps that integrate with other apps, download and display pictures from the web, play sounds, and more. Each chapter and app has been designed and tested to provide the knowledge and experience you need to get started in Android development.