zLabs Advanced Mobile Security Research and Exploitation Team

The zLabs Advanced Research and Exploitation team is the world’s most qualified and talented collection of researchers focused 100% exclusively on mobile. With backgrounds at companies ranging from eBay and Samsung to Microsoft and Freescale, zLabs researchers are setting the bar for the industry. zLabs researchers discovered and documented attacks such as Stagefright on Android, zIVA on iOS and provided detailed analysis of the FreeRTOS TCP/IP Stack Vulnerabilities. The team have responsibly disclosed more iOS and Android vulnerabilities than all other major competitors combined.

Zimperium's zLabs team is a key member of the App Defense Alliance. Leveraging our extensive mobile security research expertise and some of the most renown security researchers in the world, zLabs is working with Google to ensure apps entering the Play Store are free of malicious content. Learn more about it here.

Awards & Recognition
The team's awards, certifications, specialized training and recognition are unparalleled in mobile security. Here is just a subset:






























Awarded CVEs
In the last few years, zLabs has discovered and responsibly disclosed more mobile vulnerabilities than all other major competitors combined. Beginning in 2017, here is the growing list:
CVE | Year | Researcher | Platform | Severity |
---|---|---|---|---|
CVE 2020-9773 | 2020 | Chilik Tamir | iOS | Unassigned |
CVE 2020-992 | 2020 | Nikias Bassen | iOS | Unassigned |
CVE-2020-3831 | 2020 | Chilik Tamir | iOS | Unassigned |
CVE-2019-8545 | 2019 | Adam Donenfeld | iOS | Unassigned |
CVE-2019-8804 | 2019 | Christy Mathew | iOS | Unassigned |
CVE-2019-14041 | 2019 | Tamir Zahavi-Brunner | Qualcomm | Unassigned |
CVE -2019-14040 | 2019 | Tamir Zahavi-Brunner | Qualcomm | Unassigned |
CVE-2018-4282 | 2018 | Adam Donenfeld | iOS | Unassigned |
CVE-2018-9411 | 2018 | Tamir Zahavi-Brunner | Android | Unassigned |
CVE-2018-9539 | 2018 | Tamir Zahavi-Brunner | Android | Unassigned |
CVE-2018-16522 | 2018 | Ori Karliner | FreeRTOS | Unassigned |
CVE-2018-16525 | 2018 | Ori Karliner | FreeRTOS | Unassigned |
CVE-2018-16526 | 2018 | Ori Karliner | FreeRTOS | Unassigned |
CVE-2018-16528 | 2018 | Ori Karliner | FreeRTOS | Unassigned |
CVE-2018-16523 | 2018 | Ori Karliner | FreeRTOS | Unassigned |
CVE-2018-16524 | 2018 | Ori Karliner | FreeRTOS | Unassigned |
CVE-2018-16527 | 2018 | Ori Karliner | FreeRTOS | Unassigned |
CVE-2018-16599 | 2018 | Ori Karliner | FreeRTOS | Unassigned |
CVE-2018-16600 | 2018 | Ori Karliner | FreeRTOS | Unassigned |
CVE-2018-16601 | 2018 | Ori Karliner | FreeRTOS | Unassigned |
CVE-2018-16602 | 2018 | Ori Karliner | FreeRTOS | Unassigned |
CVE-2018-16603 | 2018 | Ori Karliner | FreeRTOS | Unassigned |
CVE-2018-16598 | 2018 | Ori Karliner | FreeRTOS | Unassigned |
CVE-2018-4109 | 2018 | Adam Donenfeld | iOS | Unassigned |
CVE-2018-4087 | 2018 | Rani Idan | iOS | Unassigned |
CVE-2018-4095 | 2018 | Rani Idan | iOS | Unassigned |
CVE-2017-13253 | 2017 | Tamir Zahavi Brunner | Android | High |
CVE-2017-6999 | 2017 | Adam Donenfeld | iOS | 7.8 |
CVE-2017-6998 | 2017 | Adam Donenfeld | iOS | 7.8 |
CVE-2017-6997 | 2017 | Adam Donenfeld | iOS | 7.8 |
CVE-2017-6996 | 2017 | Adam Donenfeld | iOS | 7.8 |
CVE-2017-6995 | 2017 | Adam Donenfeld | iOS | 7.8 |
CVE-2017-6994 | 2017 | Adam Donenfeld | iOS | 7.8 |
CVE-2017-6989 | 2017 | Adam Donenfeld | iOS | 7.8 |
CVE-2017-6979 | 2017 | Adam Donenfeld | iOS | 7.0 |
CVE-2017-5054 | 2017 | Nicolas Trippar | Android | 8.8 |