Security researchers from Pangu Lab, a well-known company that provides iOS jailbreaks, said on Monday that they have found a vulnerability that they believe affects around 10% of all iOS apps.
Researchers described the issue, which they named ZipperDown, as “a common programming error, which leads to severe consequences such as data overwritten and even code execution in the context of affected apps.”
15,978 out of 168,951 iOS apps are most likely affected
Pangu Lab said it created an automated scan rule to search for ZipperDown in iOS apps. Researchers found that 15,978 out of the total of 168,951 iOS apps they scanned appeared to be impacted by the ZipperDown vulnerability, although apps need to be manually inspected to confirm that they are affected.
We confirmed several iOS apps with more than 100 million users are vulnerable to #ZipperDown#, and found more than 10k iOS apps might have the same or similar issues. Check https://t.co/WOg5AGzREb and contact us for details and fix if your app is in the list.
— PanguTeam (@PanguTeam) May 15, 2018
The list of vulnerable apps also includes several high-profile iOS apps that have more than 100 million users, such as Weibo, MOMO, NetEase Music, QQ Music, and Kwai.
Researchers also published a demo video in which they exploit ZipperDown in the Weibo app to achieve code execution.
Devs of vulnerable apps have to contact the researchers
“Due to the large amount of potentially affected apps, we cannot verify all the results precisely,” Pangu Lab said.
In addition, because so many apps are affected, researchers couldn’t contact the developers of each app…