Research

How iOS Malware Can Spy on Users Silently

Welcome to the first post of our latest blog series: Mobile Attacker’s Mindset In this blog series, we’re going to cover how mobile threat-actors think, and what techniques attackers use to overcome security protections and indications that our phones and tablets are compromised.  In this first blog, we’ll demonstrate how the recently added camera & …

How iOS Malware Can Spy on Users Silently Read More »

Use-After-Free in Voice Control: CVE-2021-30902 Write-up

By: 08Tc3wBB Voice Control is a powerful feature introduced by Apple in iOS 13 and macOS Catalina. It acts as a substitute for all the touch gestures on the screen, letting you interact with the device using your voice to tap, swipe, type, and more. com.apple.SpeechRecognitionCore.speechrecognitiond Crashes com.apple.SpeechRecognitionCore.speechrecognitiond is a system XPCService process that handles …

Use-After-Free in Voice Control: CVE-2021-30902 Write-up Read More »

The Recent iOS 0-Click, CVE-2021-30860, Sounds Familiar. An Unreleased Write-up: One Year Later

TLDR; ZecOps identified and reproduced an Out-Of-Bounds Write vulnerability that can be triggered by opening a malformed PDF. This vulnerability reminded us of the FORCEDENTRY vulnerability exploited by NSO/Pegasus according to the CitizenLabs blog. As a brief background: ZecOps have analyzed several devices of Al-Jazeera journalists in the summer 2020 and automatically and successfully found …

The Recent iOS 0-Click, CVE-2021-30860, Sounds Familiar. An Unreleased Write-up: One Year Later Read More »

Threat Actors are Working Together. Defenders Should Collaborate Too!

We previously published that we suspected that there were more than one threat actor targeting the Al-Jazeera journalists. Background ZecOps discovered NSO attacks that targeted Al-Jazeera automatically using ZecOps Mobile EDR & DFIR solutions. Our initial analysis suggested that the footprint does not belong only to NSO. ZecOps Mobile Threat Intelligence Brief ZecOps can now …

Threat Actors are Working Together. Defenders Should Collaborate Too! Read More »