On May 15, 2018, Pangu Lab announced the ZipperDown vulnerability, which allows a remote code execution attack on iOS apps. On May 22, Appthority released the Download Zip File Unencrypted Threat Indicator, at Risk Level 5, for both iOS and Android devices.
See the Appthority Blog post ZipperDown: Remote Code Execution Attack on iOS Apps for a discussion of the ZipperDown threat.
Appthority customers have advanced detection in place to identify iOS and Android apps that exhibit the ZipperDown vulnerability at runtime by downloading a .zip file over an unencrypted connection.
Appthority recommends that you use the new Download Zip File Unencrypted Threat Indicator in your organization’s Appthority MTP environment to take appropriate action on apps that exhibit the ZipperDown vulnerability at runtime. This detection is most critical for EMM-published applications (internal and public), and potentially also for personally downloaded, business-related apps on employee devices.
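The runtime condition described above (a .zip file fetched over an unencrypted connection) can be checked against traffic records as in the following added example, which is not Appthority's detection logic. It assumes per-app HTTP transaction records from a proxy or traffic capture; the record layout, app identifiers and URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Zip signatures: local file header, and end-of-central-directory (empty archive).
ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")
ZIP_TYPES = {"application/zip", "application/x-zip-compressed"}

# Constructed sample records: (app id, URL, Content-Type, first bytes of body).
SAMPLE = [
    ("com.example.news", "http://cdn.example.com/skins/theme.zip",
     "application/zip", b"PK\x03\x04\x14\x00"),
    ("com.example.chat", "https://cdn.example.com/pack.zip",
     "application/zip", b"PK\x03\x04\x14\x00"),
    ("com.example.game", "http://res.example.net/bundle?id=7",
     "application/octet-stream", b"PK\x03\x04\x14\x00"),
    ("com.example.shop", "http://img.example.org/logo.png",
     "image/png", b"\x89PNG\r\n"),
    ("com.example.maps", "HTTP://tiles.example.org/Region.ZIP?v=2",
     "text/plain", b""),
]

def zip_evidence(url, content_type, body_prefix):
    """Return the independent signals that a response carries a zip archive."""
    reasons = []
    # Query strings are excluded by using only the path component.
    if urlsplit(url).path.lower().endswith(".zip"):
        reasons.append("url-extension")
    # Ignore parameters such as "; charset=..." on the Content-Type header.
    if content_type.split(";")[0].strip().lower() in ZIP_TYPES:
        reasons.append("content-type")
    # Magic bytes catch archives served from extension-less URLs.
    if body_prefix.startswith(ZIP_MAGIC):
        reasons.append("magic-bytes")
    return reasons

def flag_cleartext_zip(records):
    """List (app, url, reasons) for zip downloads made over plain HTTP."""
    findings = []
    for app, url, ctype, prefix in records:
        if urlsplit(url).scheme.lower() != "http":
            continue  # TLS-protected transfers are out of scope for this check
        reasons = zip_evidence(url, ctype, prefix)
        if reasons:
            findings.append((app, url, reasons))
    return findings

if __name__ == "__main__":
    for app, url, reasons in flag_cleartext_zip(SAMPLE):
        print(f"{app}: {url} [{', '.join(reasons)}]")
```

Matching on magic bytes as well as the URL and Content-Type matters because archives are often served from extension-less endpoints with a generic content type.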
From the Appthority MTP Manager portal, Appthority recommends the following steps:
Contact your Appthority account team directly or at [email protected] for further questions or to learn about other ways Appthority MTP can help protect against this threat with on-device MiTM detection.