SAN FRANCISCO, Jan. 28, 2016 /PRNewswire/ -- Zimperium, the leader in enterprise mobile threat protection, discovered a code execution vulnerability in Apple's iOS and OS X operating system affecting all iOS devices running versions 6.0 to 9.2, and OS X 10.9 through 10.11.2.
Logo - http://photos.prnewswire.com/prnh/20160128/327034LOGO
With its recent iOS 9.2.1 and OS X 10.11.3 update, Apple provided patches for several flaws allowing attackers to take advantage of users and their mobile devices. The update fixed a total of 13 vulnerabilities, including two with low severity, five with medium severity and six with critical severity. All of the six critical vulnerabilities allow remote device takeover simply by visiting a malicious website.
Among these issues was CVE-2016-1722, a vulnerability Zimperium zLabs' researchers Nikias Bassen and Joshua J. Drake identified in the system's syslog logging function potentially leading to remote code execution, local code execution with root permissions or a Denial of Service (DoS) attack.
Drake is the researcher who also identified Stagefright vulnerability which had enormous impact on the Android ecosystem, pushing vendors to provide security updates for its users after years of no updates.
"Our zLabs research team is constantly researching ways to improve the state of security on mobile devices," said Zuk Avraham, Founder, Chairman and CTO at Zimperium. "Discovering this vulnerability is part of our ongoing mission to find and help fix flaws across the entire mobile ecosystem including both Android and iOS."
"It's exciting to see Zimperium helping global giants such as Apple and Google to improve the company's operating systems," said Mark Fernandes, managing director of Sierra Ventures. "We're continually impressed by the efforts of Zimperium's research arm and look forward to its future success in the cybersecurity industry."
"By promoting advanced mobile security research, we tackle issues before the bad guys do," said Shridhar Mittal, CEO of Zimperium. "Given today's increasingly mobile workforce, it's imperative for companies to implement a comprehensive security strategy that enables and secures all devices. We focus on finding ways to make this a reality and will continue to work with companies like Apple and Google to help minimize the risk of mobile vulnerabilities."
You can read more about CVE-2016-1722 here. If you have not updated your iOS or OS X, it is recommended to do so as soon as possible.
About Zimperium
Zimperium Mobile Threat Protection is the leading solution for securing enterprises against advanced mobile attacks. Zimperium utilizes a cutting-edge, machine-learning approach to provide protection and visibility to enterprises for advanced cyberattacks. Zimperium offers the first on-device solution that is equipped with the capability to detect known and unknown attacks. Zimperium has customers across major enterprise verticals globally. To learn more, please visit our website at www.zimperium.com, and our official blog at https://blog.zimperium.com.
CONTACT: Darah Patton, 317-695-5630
SOURCE Zimperium
Share this article