On July 14, 2021, the world became aware of WifiDemon, a critical zero-touch remote-code execution vulnerability impacting iOS devices. Research conducted and published by the ZecOps Mobile EDR team has proven that what was thought to be a network crash bug is in actuality a security risk for iOS devices. Variations of the vulnerability impact iOS 14.0 to 14.6, meaning even the newest versions of iOS are still at risk until Apple releases a patch and update.
The research team at ZecOps is reporting that the network crash issue is actually an unpatched zero-day vulnerability enabling attackers to remotely execute code on the victim’s phone or tablet without any interaction or notification for the end-user. While the zero-click component of the vulnerability was patched with iOS 14.4, newer versions of the mobile OS are still at risk to the zero-day remote code execution vulnerability.
The Zimperium team has verified the ZecOps research data and has verified that Zimperium zIPS on iOS customers are protected against this zero-touch, zero-day vulnerability.
If you have any questions, please be sure to contact your customer success representative.
The post WifiDemon Zero-Click iOS Vulnerability: Zimperium Customers Are Protected appeared first on Zimperium Mobile Security Blog.
Article Link: WifiDemon Zero-Click iOS Vulnerability: Zimperium Customers Are Protected | Zimperium Mobile Security Blog