Google researchers drop a bombshell- Targeted iPhone exploits from malicious websites dating back years

Share on facebook
Share on twitter
Share on linkedin
Share on pinterest
In Technology News by FL Computer Tech
apple iphone

A new report from Vice today details discoveries made by Google Project Zero researchers that “may be one of the largest attacks against iPhone users ever.” The basis of the attacks is a series of hacked websites, which were randomly distributing malware to iPhone users.

In a blog post, Project Zero’s Ian Beer explained that there was “no target discrimination” when it came to this series of attacks. Users could be impacted by simply visiting one of the hacked sites, which were said to be receiving thousands of views per week.

Google’s Threat Analysis Group detected a set of five separate and complete iPhone exploit chains affecting iOS 10 through all versions of iOS 12. “This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years,” Beer wrote.

Once a user visited one of the malicious websites and the malware was deployed, the implant “primarily focused on stealing files and uploading live location data,” as often as every 60 seconds. Because the end device itself had been compromised, services like iMessage were also affected.

Working with TAG, we discovered exploits for a total of fourteen vulnerabilities across the five exploit chains: seven for the iPhone’s web browser, five for the kernel and two separate sandbox escapes. Initial analysis indicated that at least one of the privilege escalation chains was still 0-day and unpatched at the time of discovery.

Beer says that Project Zero reported the issues to Apple with a 7-day deadline on February 1st, 2019 – and they were fixed in the release of iOS 12.1.4 on February 9th, 2019.

This chain of exploits is unique because many attacks are more targeted in scope, but this one affected anyone who happened to visit one of the infected websites.

To be targeted might mean simply being born in a certain geographic region or being part of a certain ethnic group. All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them.

The incredibly detailed analysis of iOS exploit chains found in the wild can be read on Google’s Project Zero blog. Here, Ian Beer goes into more details about the security fixes Apple made in iOS 12.1.4, which included a fix for the FaceTime eavesdropping bug, as well as security issues discovered by the Project Zero team.

Michael Duff

Michael Duff

Leave a Replay

Our Latest News

Covid-19 News Website

FL Computer Tech Is dedicated to helping our country overcome The Coronavirus Pandemic that has already taken so many lives and has effectively shut down the greatest nation on our planet.  We have recently launched our Covid-19 FAQs website.  We will be adding important and useful resources on a regular basis.

Recent Posts

DevOps with GitHub Solution Overview Video

Developers are at the core of innovation. Learn how you can stand out in a competitive market while you optimize product innovation, accelerate delivery in a changing market, and enhance operations with greater control, flexibility, and security. Check out the video and contact FL Computer Tech to learn more.

Read More »

What is DevOps?

It’s never been a more productive time to be a developer. Support or build your #DevOps team with #Microsoft. Together, Microsoft GitHub and #Azure DevOps provides an end-to-end experience for development teams to easily collaborate while building and releasing code to Azure, on-premises or any cloud. Looking for a deeper understanding of DevOps? Check out this infographic and contact FL Computer Tech to learn more.

Read More »

Follow Us

Video Archive

Sign up for our Newsletter

Looking for the latest in technology news? Do you like tips, tricks and shortcuts? Sign up today!

Sign Up To Access Your FREE Report!

To access our 2019 Ransomware Report, please enter your email address and we’ll send the download link immediately.