Palo Alto Networks Researchers Uncover Critical Apple Product Vulnerabilities

posted on: June 2, 2016 10:00 AM

filed in: Threat Prevention, Unit 42

Palo Alto Networks researchers were recently credited with discovery of two new Apple product vulnerabilities.

Researchers Tongbo Luo and Bo Qu discovered a WebKit vulnerability (CVE-2016-1855) affecting Safari in OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.10.5. …


Pirated iOS App Store’s Client Successfully Evaded Apple iOS Code Review

posted on: February 21, 2016 5:00 PM

filed in: Threat Prevention, Unit 42

Apple’s official iOS App Store is well known for its strict code review of any app submitted by a developer. This mandatory policy has become one of the most important mechanisms in the iOS security ecosystem to ensure the privacy and security of iOS users. But we recently identified an app that demonstrated new ways of successfully evading Apple’s code review. This post discusses our findings and potential security risks to iOS device users.

The app we identified is named “开心日常英语 (Happy Daily English),” and it has since been removed by Apple from the App Store. This app was a complex, fully functional third-party App Store client for iOS users in mainland China. We also discovered enterprise-signed versions of this application elsewhere in the wild. We had not identified any malicious functionality in this app, and as such we classified it as Riskware and have named it ZergHelper.

Figure 1: “Happy Daily English” available in the App Store

ZergHelper presents several security risks, including the following: …


Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists

Executive Summary

Over the past seven months, Unit 42 has been investigating a series of attacks we attribute to a group we have code-named “Scarlet Mimic.” The attacks began over four years ago and their targeting pattern suggests that this adversary’s primary mission is to gather information about minority rights activists. We do not have evidence directly linking these attacks to a government source, but the information derived from these activities supports an assessment that a group or groups with motivations similar to the stated position of the Chinese government in relation to these targets is involved. …

