zLabs Advanced Mobile Security Research and Exploitation Team

The zLabs Advanced Research and Exploitation team is the world’s most qualified and talented collection of researchers focused 100% exclusively on mobile. With backgrounds at companies ranging from eBay and Samsung to Microsoft and Freescale, zLabs researchers are setting the bar for the industry. zLabs researchers discovered and documented attacks such as Stagefright on Android, zIVA on iOS and provided detailed analysis of the FreeRTOS TCP/IP Stack Vulnerabilities. The team have responsibly disclosed more iOS and Android vulnerabilities than all other major competitors combined.

Zimperium's zLabs team is a key member of the App Defense Alliance. Leveraging our extensive mobile security research expertise and some of the most renown security researchers in the world, zLabs is working with Google to ensure apps entering the Play Store are free of malicious content. Learn more about it here.

Awards & Recognition

The team's awards, certifications, specialized training and recognition are unparalleled in mobile security. Here is just a subset:

Adobe Independent Security Researchers
Adobe Independent Security Researchers
AT&T Bug Bounty Hall of Fame
AT&T Bug Bounty Hall of Fame
Barracuda Networks BugBounty Hall of Fame
Barracuda Networks BugBounty Hall of Fame
BitDefender Hall of Fame
BitDefender Hall of Fame
Hack in the Box 2017 Machine Learning Competition, 1st Prize
Hack in the Box 2017 Machine Learning Competition, 1st Prize
Certified Ethical Hacker
Certified Ethical Hacker
CoinBase BugBounty Hall of Fame
CoinBase BugBounty Hall of Fame
Computer Hacking Forensic Investigator
Computer Hacking Forensic Investigator
cPanel Full Disclosure
cPanel Full Disclosure
eBay Security Researchers
eBay Security Researchers
Certified Security Analyst
Certified Security Analyst
edX Certificate, Distributed Machine Learning with Apache Spark
edX Certificate, Distributed Machine Learning with Apache Spark
EKOPARTY CTF - 1st PLACE
EKOPARTY CTF - 1st PLACE
Envato Helpful Hacker
Envato Helpful Hacker
Friends of Offensive Security
Friends of Offensive Security
Google Application Security Hall of Fame
Google Application Security Hall of Fame
Kaneva Whitehat Hall of Fame
Kaneva Whitehat Hall of Fame
Microsoft Certified IT Professional Enterprise Administrator
Microsoft Certified IT Professional Enterprise Administrator
Microsoft Certified IT Professional Server Administrator
Microsoft Certified IT Professional Server Administrator
Microsoft Security Acknowledged Researchers
Microsoft Security Acknowledged Researchers
MIT: Tackling the Challenges of Big Data, Certificate
MIT: Tackling the Challenges of Big Data, Certificate
Nokia Responsible Disclosure Hall of Fame
Nokia Responsible Disclosure Hall of Fame
Olark Responsible Disclosure Program Special Thanks
Olark Responsible Disclosure Program Special Thanks
PayPal Wall of Fame, Top 10 Researchers
PayPal Wall of Fame, Top 10 Researchers
Stanford: Cryptography, Certificate
Stanford: Cryptography, Certificate
Stanford: Machine Learning, Certificate
Stanford: Machine Learning, Certificate
Twitter's Top Hackers on HackerOne
Twitter's Top Hackers on HackerOne
Zynga Security Whitehat Hall of Fame
Zynga Security Whitehat Hall of Fame
SANS GIAC Reverse Engineering Malware (GREM)
SANS GIAC Reverse Engineering Malware (GREM)
GIAC Mobile Device Security Analyst (GMOB)
GIAC Mobile Device Security Analyst (GMOB)

Awarded CVEs

In the last few years, zLabs has discovered and responsibly disclosed more mobile vulnerabilities than all other major competitors combined. Beginning in 2017, here is the growing list:

CVEYearResearcherPlatformSeverity
CVE 2020-97732020Chilik TamiriOSUnassigned
CVE 2020-9922020Nikias BasseniOSUnassigned
CVE-2020-38312020Chilik TamiriOSUnassigned
CVE-2019-85452019Adam DonenfeldiOSUnassigned
CVE-2019-88042019Christy MathewiOSUnassigned
CVE-2019-140412019Tamir Zahavi-BrunnerQualcommUnassigned
CVE -2019-140402019Tamir Zahavi-BrunnerQualcommUnassigned
CVE-2018-42822018Adam DonenfeldiOSUnassigned
CVE-2018-94112018Tamir Zahavi-BrunnerAndroidUnassigned
CVE-2018-95392018Tamir Zahavi-BrunnerAndroidUnassigned
CVE-2018-165222018Ori KarlinerFreeRTOSUnassigned
CVE-2018-165252018Ori KarlinerFreeRTOSUnassigned
CVE-2018-165262018Ori KarlinerFreeRTOSUnassigned
CVE-2018-165282018Ori KarlinerFreeRTOSUnassigned
CVE-2018-165232018Ori KarlinerFreeRTOSUnassigned
CVE-2018-165242018Ori KarlinerFreeRTOSUnassigned
CVE-2018-165272018Ori KarlinerFreeRTOSUnassigned
CVE-2018-165992018Ori KarlinerFreeRTOSUnassigned
CVE-2018-166002018Ori KarlinerFreeRTOSUnassigned
CVE-2018-166012018Ori KarlinerFreeRTOSUnassigned
CVE-2018-166022018Ori KarlinerFreeRTOSUnassigned
CVE-2018-166032018Ori KarlinerFreeRTOSUnassigned
CVE-2018-165982018Ori KarlinerFreeRTOSUnassigned
CVE-2018-41092018Adam DonenfeldiOSUnassigned
CVE-2018-40872018Rani IdaniOSUnassigned
CVE-2018-40952018Rani IdaniOSUnassigned
CVE-2017-132532017Tamir Zahavi BrunnerAndroidHigh
CVE-2017-69992017Adam DonenfeldiOS7.8
CVE-2017-69982017Adam DonenfeldiOS7.8
CVE-2017-69972017Adam DonenfeldiOS7.8
CVE-2017-69962017Adam DonenfeldiOS7.8
CVE-2017-69952017Adam DonenfeldiOS7.8
CVE-2017-69942017Adam DonenfeldiOS7.8
CVE-2017-69892017Adam DonenfeldiOS7.8
CVE-2017-69792017Adam DonenfeldiOS7.0
CVE-2017-50542017Nicolas TripparAndroid8.8