More than 15,000 iOS apps have programming flaws that can leave iPhones vulnerable to attack
Discovered by Chinese iPhone jailbreak experts Pangu, the ZipperDown vulnerability that could leave thousands of iPhones vulnerable has been found in over 15,000 iOS apps.
 |
"ZipperDown is a very typical programming bug that can lead to serious consequences. According to the survey, 15,978 out of 168,951 iOS apps are currently vulnerable to this bug, some of which have been downloaded more than 100 million times. To carry out the attack, hackers will control the Wi-Fi network to exploit the vulnerability and run malicious code," Pangu said.
To demonstrate, Pangu posted a video showing a user downloading and using the Weibo service in an unsecured Wi-Fi environment. A hacker then exploited the ZipperDown exploit in Weibo and executed remote code to take control of the app.
Pangu added that the bug is related to a third-party utility called ZipArchive that allows iOS apps to read and write compressed files, and noted that sandboxing tools on both iOS and Android can help mitigate the ZipperDown bug.
In addition, Pangu also conducted a large-scale test on the app analytics platform Janus and found that about 10% of iOS apps were affected by similar issues, including Instagram, Amazon, Twitter, and Dropbox. Meanwhile, Weibo, NetEase Music, QQ Music, and Kwai were definitely vulnerable.
The team also confirmed that many other popular Android apps are also vulnerable and will release more information about affected apps soon.
Prior to the study, Will Strafach, founder of app security company Verify.ly, encouraged iPhone users to update their apps to avoid unwanted issues, saying the vulnerability could be easily fixed with updates.
