In what's being touted as potentially one of the biggest attacks986 ArchivesiPhone users ever, Google has revealed that a collection of websites were hacked to deliver malware onto iPhones, with the iOS vulnerabilities involved going unchecked and undiscovered for years -- as well as subsequent attacks.
The hacks installed zero-interaction malware into unnamed sites that received thousands of visitors every week. Simply visiting the sites, without clicking or scrolling at all, could deliver a monitoring implant onto users' iPhones.
Google demonstrated that the implant could "steal private data like iMessages, photos and GPS location in real-time"; it also had access to users' keychains and password data, as well as database files containing plaintext of messages sent and received in messaging apps such as Google Hangouts, and even end-to-end encrypted apps including WhatsApp, iMessage, and Telegram.
The malware would be wiped if the iPhone was rebooted, but any sensitive information obtained during the infection could still leave the device, its user, and their online life vulnerable to attack.
SEE ALSO: Apple will announce new 'iPhone 11' and 'iPhone 11 Pro' on September 10While the choice of sites appeared designed to target certain communities, the attack was otherwise indiscriminate.
Google's security research initiative Project Zero posted a "very deep dive" detailing the exploits, which their Threat Analysis Group discovered and disclosed to Apple in Feb. 2019.
The team found five "separate, complete and unique" exploit chains using 14 vulnerabilities. Several were zero-day, meaning Apple was unaware of them at the time of Project Zero's discovery; Apple patched these within the seven-day deadline Google gave in iOS 12.1.4, the same Feb. 7 update that patched the infamous Group FaceTime vulnerability.
The exploits date back to iOS 10 and through updates of iOS 12.1.2, encompassing "almost every version" in that timeframe.
This Tweet is currently unavailable. It might be loading or has been removed.
The number of Apple exploits discovered appears to have risen sharply over the past year. At the end of July, Project Zero revealed six zero-interaction security bugs that could be exploited through iMessage, only five of which Apple had managed to patch by the time the Google team revealed them. And in August, news broke of the SQLite vulnerability, as demonstrated at DEFCON 2019 using the iOS Contacts app, as well as the vulnerability to the Bluetooth-based "KNOB" attack that affected every iPhone and iPad.
Mashable has contacted Apple for comment.
Topics Cybersecurity
The 10 Most Anticipated PC Games of 2016
25 super weird, cheap gifts to get you uninvited to next year's Christmas party
The film production company behind 'Her' is getting into video games
YouTube musical comedy group The Gregory Brothers launch new series
Sony launches new flagship XM6 headphones: Order them now
Will Negan die in Walking Dead Season 7? Don't count on it
Dolly Parton is donating $1,000 a month to fire victims in Tennessee
Banana leaf Hermès bag resurfaces as a meme in Asia because street food
NYT Strands hints, answers for May 18
The 2016 Oscar Map: Finally, a more diverse field takes shape
How to Squeeze the Most Out of Your iPhone's Battery
Baby hits the milly rock in the womb
The 8 Netflix features we desperately need in our lives
The Victoria's Secret 2016 show was straight out of 'Game of Thrones'
New MIT report reveals energy costs of AI tools like ChatGPT
The Kickstarter campaign that's making fidgeting sexy
YouTube musical comedy group The Gregory Brothers launch new series
Boom time is over: Startups are failing as funding dries up
Seven Steam games whose reviews have changed a lot
Practice your downward
Reactionary GIFsMisclassified InformationNostradamus of the ObviousAusterity BluesAusterity BluesAusterity BluesAn Evil MediumAll Right AlreadyBusiness as UsualHeaven Help UsAll the Diplomat’s WomenRevenge of the QuantsFactory BluesThe Action is the JuiceTerminal DiagnosisThis Brand is Late CapitalismLies, Damned Lies, and RecyclingTo the Bitter EndThis Brand is Late CapitalismThe Sad Clowns of Dating How to delete your Facebook group Flynn plea deal has people giving these old Trump tweets a new look What really happened in 'The Conjuring: The Devil Made Me Do It' case Twitter reveals what Australians talked about most in 2017 Elon Musk announces that the Tesla Model S Plaid+ is 'canceled' 25 gifts for the 'Stranger Things' 49 times we thought 2017 couldn't get any worse, and then it did A full bar threw a surprise birthday party for one lucky bulldog Courteney Cox shares a star How to download Apple's iOS 15 developer and public betas How to watch Apple's WWDC 2021 Utah drought is so bad, the governor appeals for 'divine intervention' The best apps for dog lovers and pup parents COVID Discord group helps Indians find oxygen, answers, and community Bryan Singer fired from Queen biopic after no You'll never lose your AirPods again with Apple's iOS 15 23 of the funniest British tweets from 2017 Folks on Twitter are nominating the best movie roles under 15 minutes Next year's iPad Pro might support wireless charging Obama thinks we should elect more women because men are having 'some problems these days'
2.0339s , 8224.96875 kb
Copyright © 2025 Powered by 【1986 Archives】,Miracle Information Network