Skip to main content

Armed with iOS 0days, hackers indiscriminately infected iPhones for two years

posted onSeptember 1, 2019
by l33tdawg
Arstechnica
Credit: Arstechnica

Hackers exploited more than a dozen iOS vulnerabilities—most of them unpatched zerodays—in a two-year campaign that stole photos, emails, log-in credentials, and more from iPhones and iPads, researchers from Google’s Project Zero said.

The attacks were waged from a small collection of hacked websites that used the exploits to indiscriminately attack every iOS device that visited. Attacks against 14 separate vulnerabilities were packaged into five separate exploit chains that gave the attackers the ability to compromise up-to-date devices over a period of more than two years. An analysis of the well-written exploit chains shows they were likely developed contemporaneously with the exploited iOS versions, which spanned from iOS iOS 10.0.1 released in September 2016 to 12.1.2 issued last December.

“I shan't get into a discussion of whether these exploits cost $1 million, $2 million, or $20 million,” Project Zero researcher Ian Beer wrote in a deep-dive post analyzing the exploits and the malware they installed. “I will instead suggest that all of those price tags seem low for the capability to target and monitor the private activities of entire populations in real time.”

Source

Tags

Security Apple

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th