Release 7.5.0
Status
Cloud: Released
Onsite: Pending
Overview
The release of Corellium 7.5.0 introduces significant enhancements with MATRIX, marking the most comprehensive update since its launch last August. This version elevates user experience and functionality through improvements in report design, customization options, and enhanced tracking capabilities, delivering clearer insights and more actionable security assessments.
Key updates include a redesigned MATRIX report that enhances readability with a new horizontal summary layout and visual enhancements. The introduction of a User Activity Log allows comprehensive tracking of all changes within an assessment, ensuring accountability. Users can now mark specific checks as "Not Applicable" when irrelevant to their environment, and adjust result severities directly in reports for tailored analysis.
Additional features include the ability to suppress individual pieces of evidence within results, focusing attention on critical issues and reducing report clutter. These improvements are reflected across both online interfaces and downloadable HTML formats.
Beyond MATRIX updates, Corellium 7.5.0 includes other enhancements such as API endpoint documentation updates, latency improvements for faster response times, and updates to internal tools like Frida. This release solidifies the Corellium platform as a powerful tool for effective security management and analysis.
Features
Improved Preservation of User Data for Corellium On Premises Appliances
Corellium is addressing a critical concern among on-site appliance users regarding data preservation during server migrations, network configuration changes, or capacity upgrades. Many customers have experienced data loss when attempting these adjustments due to current system limitations that inadvertently trigger database resets. This release introduces an essential enhancement allowing users to update their configurations without losing valuable customer data.
MATRIX
Report Redesign:
We have enhanced the MATRIX report to increase readability and transparency within your assessments. The report now features a horizontal summary layout with visual enhancements, a new N/A status for checks, and an additional metadata field for Last Modified. These design updates are also reflected within the downloadable HTML MATRIX report.
New User Activity Log:
We are excited to announce the addition of an all-new User Activity Log within MATRIX assessments. This new feature offers a comprehensive log of all changes made within an assessment. It records information on the scan, including who started the scan and when monitoring was started or stopped, as well as any modifications made to the report, including adjusting severities, changing a check status, or suppressing check evidence. This log will also be available within the HTML generated report.
New Result Status – “Not Applicable”:
We have now introduced a new result status for checks, “Not Applicable” (N/A). If a particular vulnerability does not apply to your environment or application, you can now change the status to N/A, and the change will immediately be reflected in the report summary, MATRIX history, and the newly added user activity log. With this addition, we have added the ability to revert a single change or revert all modifications made to the report. All modifications will be reflected in the associated HTML report.
Updatable Result Severities:
To further enhance MATRIX report customization, users can now change the severity of a result directly within the report. Whether you have compensating controls in place or are adjusting severities based on business impact, you can make those adjustments as you see fit per result. These updates will immediately be reflected within the report summary, MATRIX history and the audit log, with full support for reverting changes. Similar to the above additions, any modifications to severities can be seen in the downloaded HTML report.
Ability to Suppress Individual Evidence:
One last big addition: you can now suppress individual pieces of evidence within a result. Let’s say a check detects three hardcoded keys but only one is a concern — now you can suppress the irrelevant evidence, so the MATRIX report reflects what truly needs attention. Suppressed items are greyed out to keep things clear, and if all evidence for a result is suppressed, the result is automatically marked as Not Applicable. These updates help you reduce noise and make your reports cleaner and easier to act on. As with the other additions, the suppression can be reverted, and all modifications will be reflected within the HTML report.
Other Enhancements
Improvements in Files Path Breadcrumb
In Corellium 7.5, we addressed an issue related to file navigation when pasting file paths. Previously, in version 7.4, entering a complete file path with the filename would mistakenly navigate users to the containing directory instead of directly to the specified file. This often led users to manually search for their desired file among numerous others in directories populated with many files.
With this update, if you paste a full file path—including the filename—into the File Browser, it now correctly highlights and displays only the specified file, mirroring the expected behavior of command-line ‘ls’ operations. This enhancement streamlines the navigation process, providing users with direct access to their intended files without unnecessary manual searching.
Files Path Breadcrumb Changes - MATRIX Deep Linking
A new capability has been added where you can simply click on an evidence path within a MATRIX report to be taken directly to the containing directory in the Files browser. This feature further enhances user experience by facilitating quick and easy navigation between reports and evidence file directories.
Update Android to Latest Revision - 14 & 15
Corellium 7.5 introduces a proactive approach to keeping Android environments up-to-date with the latest security and bug fixes from Google's AOSP builds. We continuously monitor updates for both Android 14 and Android 15, integrating these revisions into Corellium as they become available. This ensures that users benefit from the most current enhancements, maintaining robust security and performance in their virtualized Android environments.
Update Frida Versions
We have updated our built-in Frida server and console to version 17.0.6. This upgrade brings enhanced functionality and performance improvements that leverage the newest features offered by Frida.
Key Considerations: While this update provides significant benefits, users should be aware that it may introduce compatibility issues with existing scripts designed for previous versions of Frida (specifically 16.x). As such, we recommend reviewing your scripts and testing them within Corellium 7.5 to ensure they function as expected with the updated Frida version.
Recommendations:
- Testing: Conduct thorough tests on all existing scripts that rely on Frida functionality.
- Script Updates: Adjust any script logic or dependencies that may be affected by changes in Frida 17.0.6.
- Documentation Review: Refer to the official Frida documentation for guidance on transitioning from version 16.x to 17.0.6.
API Endpoint Documentation Updates
Corellium 7.5 has introduced significant improvements to our API documentation, ensuring every endpoint is comprehensively detailed for user convenience and effectiveness.
Key Enhancements:
- Detailed Descriptions: Each API endpoint now includes thorough descriptions, making it easier for users to understand their purpose and usage.
- Response Types Clarified: Comprehensive information about all possible response types has been added to help anticipate various outcomes when using the endpoints.
- Practical Examples: Real-world examples have been incorporated to demonstrate how each endpoint can be effectively utilized in practical scenarios.
Documentation Review Process:
To achieve these enhancements, we conducted an extensive review of our API documentation available at Corellium API Docs. During this process:
- We meticulously evaluated each endpoint for completeness and clarity.
- Any endpoints lacking sufficient documentation were identified for further improvement.
Bug Fixes & UI Enhancements
Various underlying bugs have been resolved to improve stability and performance. Minor user interface tweaks have been implemented for a more intuitive and user-friendly experience.