5/22/2018 2:08:13 PM
ZipperDown vulnerability puts thousands of iOS apps at risk
iOS Apps,Vulnerability,Software Security
App Developer Magazine

ZipperDown vulnerability puts thousands of iOS apps at risk

Christian Hargrave Christian Hargrave in iOS Tuesday, May 22, 2018

ZipperDown iOS vulnerability poses risk to thousands of applications on the market, leaving companies scrambling to make security updates.

ZipperDown vulnerability has put at risk potentially thousands of iOS apps on the market. Pangu Lab recently found that a vulnerability previously discovered in OAuth security is now being exploited by hackers to run malicious code on iOS applications. Casey Ellis, CTO of Bugcrowd, recently spoke on the matter, giving an in-depth technical overview of ZipperDown to developers:

“The ZipperDown disclosure from Pangu Lab finds that approximately 16,000 iOS applications are potentially vulnerable to security flaw that, in the worst cases, would allow an attacker to execute malicious code on a mobile device.

ZipperDown is not a "bug" per se, nor does it seem to be an issue in iOS itself; It’s the discovery of a common developer anti-pattern, or a commonly accepted development practice that turns out to be vulnerable. At Bugcrowd, we refer to instances such as Zipperdown as “0-day behavior” since they aren’t 0-days (i.e. one mistake in one piece of code that many people use), but can have a similar magnitude of impact. Anti-patterns like ZipperDown occur because the risk of a vulnerability is unknown it takes a hacker to discover, understand,  and then educate the builders of these patterns and their overall impact. Until the vulnerability created by the anti-pattern is surfaced, developers continue introducing it into the wild.

A similar famous example of an anti-pattern is the "Covert Redirect" flaw within OAuth protocols which was uncovered in 2014. As is the norm with this type of vulnerability, it takes a crowd to find it, and for those building software to take this feedback on in order to fix it.

iOS is considered one of the more resilient operating systems, and people commonly use their phones and tablets on unsecured Wi-Fi in hotels, airports, bars and planes so it’s important that the operating itself is secure. I'm happy to see this class of issues being discussed as it brings awareness to a broader consumer audience, and I expect to see a flurry of app updates on my phone over the next few days.”

100 Questions and Answers to help you land your Dream iOS Job: or to hire the right candidate!

This guide titled, "100 Questions and Answers to help you land your Dream iOS Job" can help you through some further questions related to landing a job related to iOS. With 100 Questions and Answers categorized by seniority and with reviews from some of the top iOS engineers worldwide, this book will level up how you make interviews for your favorite platform.

A new way to manage your development projects

Learn the best ways to organize your app development projects, and keep code straight, clients happy, and breathe a easier through launches.

The Latest Nerd Ranch Guide (3rd Edition) to Android Programming

Write and run code every step of the way, using Android Studio to create apps that integrate with other apps, download and display pictures from the web, play sounds, and more. Each chapter and app has been designed and tested to provide the knowledge and experience you need to get started in Android development.

Starting your own app business?

How to create a profitable, sustainable business developing and marketing mobile apps.


There are no comments yet, be the first to leave your remarks.

Leave a Reply