ZipperDown vulnerability puts thousands of iOS apps at risk
Posted on Tuesday, May 22, 2018 by AUSTIN HARRIS, Global Sales

ZipperDown vulnerability has put at risk potentially thousands of iOS apps on the market. Pangu Lab recently found that a vulnerability previously discovered in OAuth security is now being exploited by hackers to run malicious code on iOS applications. Casey Ellis, CTO of Bugcrowd, recently spoke on the matter, giving an in-depth technical overview of ZipperDown to developers:

“The ZipperDown disclosure from Pangu Lab finds that approximately 16,000 iOS applications are potentially vulnerable to security flaw that, in the worst cases, would allow an attacker to execute malicious code on a mobile device.

ZipperDown is not a 'bug' per se, nor does it seem to be an issue in iOS itself; It’s the discovery of a common developer anti-pattern, or a commonly accepted development practice that turns out to be vulnerable. At Bugcrowd, we refer to instances such as Zipperdown as “0-day behavior” since they aren’t 0-days (i.e. one mistake in one piece of code that many people use), but can have a similar magnitude of impact. Anti-patterns like ZipperDown occur because the risk of a vulnerability is unknown it takes a hacker to discover, understand,  and then educate the builders of these patterns and their overall impact. Until the vulnerability created by the anti-pattern is surfaced, developers continue introducing it into the wild.

A similar famous example of an anti-pattern is the 'Covert Redirect' flaw within OAuth protocols which was uncovered in 2014. As is the norm with this type of vulnerability, it takes a crowd to find it, and for those building software to take this feedback on in order to fix it.

iOS is considered one of the more resilient operating systems, and people commonly use their phones and tablets on unsecured Wi-Fi in hotels, airports, bars and planes so it’s important that the operating itself is secure. I'm happy to see this class of issues being discussed as it brings awareness to a broader consumer audience, and I expect to see a flurry of app updates on my phone over the next few days.”

More App Developer News

Tether QVAC SDK Powers AI Across Devices and Platforms



APAC 5G expansion to fuel 347B mobile market by 2030



How AI is causing app litter everywhere



The App Economy Is Thriving



NIKKE 3.5 anniversary update livestream coming soon



New AI tool targets early dementia detection



Jentic launch gives AI agents api access



Experts warn ai-generated health content risks misinterpretation without human oversight



Ludo.ai Unveils API and MCP Beta to Power AI Game Asset Pipelines



AccuWeather Launches ChatGPT Integration for Live Weather Updates



Stop Using Business Jargon: 5 Ways Buzzwords Damage Job Performance



IT spending rises as banks balance legacy and innovation



Tech hiring slumps as Software Developer job postings fall



AI is becoming more widespread in collaboration tools



FCC prohibits new foreign router models citing critical infrastructure risks



ChatGPT Carbon Footprint Matches 1.3 Million Cars Report Finds



Lens Launches MCP Server to Connect AI Coding Assistants with Kubernetes



Accelerating corporate ai investment returns



Enviromates tech startup launches global participation platform



Private Repository Secures the AI-driven Development Boom



UK Fintech Platform Enviromates Connects Projects Brands and Consumers



Env Zero and CloudQuery Announce Merger



How Industrial AI Is Transforming Operations in 2026



AI generated work from managers is damaging trust among employees



Foresight Secures $25M to Bridge Infrastructure Execution Gap



Copyright © 2026 by Moonbeam

Address:
1855 S Ingram Mill Rd
STE# 201
Springfield, Mo 65804

Phone: 1-844-277-3386

Fax:417-429-2935

E-Mail: contact@appdevelopermagazine.com