TI to Address the ZipperDown Threat

Article ID: 173309


Products

Endpoint Protection Mobile

Issue/Introduction

On May 15, 2018, Pangu Lab announced the ZipperDown vulnerability, which allows a remote code execution attack on iOS apps. On May 22, Appthority released the Download Zip File Unencrypted Threat Indicator, at Risk Level 5, for both iOS and Android devices.

Resolution

See the Appthority Blog post "ZipperDown: Remote Code Execution Attack on iOS Apps" for a discussion of the ZipperDown threat.

Appthority customers have advanced detection in place to identify iOS as well as Android apps that demonstrate the ZipperDown vulnerability at runtime by downloading a .zip file over an unencrypted connection.
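
The runtime behavior this Threat Indicator keys on, a .zip file fetched over an unencrypted connection, can be checked in your own traffic captures. The following is an added example, not Appthority's detection code: it scans constructed flow records in an assumed schema (`app`, `url`, `content_type`, `body_prefix`) and flags plain-HTTP transfers that look like zip archives by extension, Content-Type or magic bytes.

```python
from urllib.parse import urlsplit

ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")  # local file header / empty archive
ZIP_TYPES = {"application/zip", "application/x-zip-compressed"}

# Constructed sample records (hypothetical schema, not a real product export).
SAMPLE_FLOWS = [
    {"app": "com.example.reader", "url": "http://cdn.example.com/themes/pack.ZIP?v=3",
     "content_type": "application/octet-stream", "body_prefix": b"PK\x03\x04\x14\x00"},
    {"app": "com.example.notes", "url": "https://cdn.example.com/update.zip",
     "content_type": "application/zip", "body_prefix": b"PK\x03\x04"},
    {"app": "com.example.game", "url": "http://assets.example.net/bundle?id=7",
     "content_type": "application/zip; charset=binary", "body_prefix": b""},
    {"app": "com.example.maps", "url": "http://tiles.example.org/res.dat",
     "content_type": "application/octet-stream", "body_prefix": b"PK\x03\x04"},
    {"app": "com.example.news", "url": "http://img.example.com/logo.png",
     "content_type": "image/png", "body_prefix": b"\x89PNG"},
]

def zip_evidence(flow):
    """Return the reasons a flow looks like a zip download (empty list if none)."""
    reasons = []
    # Use the parsed path so query strings and upper-case extensions do not hide it.
    if urlsplit(flow["url"]).path.lower().endswith(".zip"):
        reasons.append("extension")
    ctype = flow.get("content_type", "").split(";")[0].strip().lower()
    if ctype in ZIP_TYPES:
        reasons.append("content-type")
    # Magic bytes catch archives served under a neutral name or generic type.
    if flow.get("body_prefix", b"").startswith(ZIP_MAGIC):
        reasons.append("magic")
    return reasons

def cleartext_zip_downloads(flows):
    """Map app -> list of (url, reasons) for zip downloads over plain HTTP."""
    hits = {}
    for flow in flows:
        if urlsplit(flow["url"]).scheme.lower() != "http":
            continue  # TLS-protected transfers are not what this indicator describes
        reasons = zip_evidence(flow)
        if reasons:
            hits.setdefault(flow["app"], []).append((flow["url"], reasons))
    return hits

if __name__ == "__main__":
    for app, findings in cleartext_zip_downloads(SAMPLE_FLOWS).items():
        for url, reasons in findings:
            print(f"{app}: {url} ({', '.join(reasons)})")
```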

Recommended Actions

Appthority recommends you use the new Download Zip File Unencrypted Threat Indicator in your organization’s Appthority MTP environment to take the appropriate action on apps that exhibit the ZipperDown vulnerability at runtime. This detection is most critical for EMM-published applications (internal and public) as well as potentially for personally downloaded business-related apps on employee devices.

From the Appthority MTP Manager portal, Appthority recommends the following steps:

  • Navigate to the Threat Indicators tab, find the new Download Zip File Unencrypted Threat Indicator and review the list of affected apps.
  • Configure the Download Zip File Unencrypted Threat Indicator in your Appthority environment and then add the new Threat Indicator to your custom App Policy set.
    • Note: Add a Market Category filter to the App Policy to find only business-related applications affected by the ZipperDown vulnerability at runtime.

Contact your Appthority account team directly or at [email protected] for further questions or to learn about other ways Appthority MTP can help protect against this threat with on-device MiTM detection.