Google security experts have uncovered an “indiscriminate” hacking operation that targeted iPhones over a period of at least two years, and used websites to implant malicious software to access photos, users’ locations and other data.
According to a blog post by Project Zero’s Ian Beer, Google’s Threat Analysis Group (TAG) discovered a “sustained effort” to attack iPhone users through hacked websites.
The hackers used an exploit server: when visited, the compromised sites would drop a malicious implant onto iPhone devices. Once installed, the malware would collect the owner’s private information, including contacts, photos, and other data (via BBC).
Beer noted that these websites received thousands of visitors on a weekly basis. The attacks were limited to certain communities and lasted for at least two years, with no target discrimination, according to Beer.
The five distinct exploit chains found by Google showed that the security flaws affected iOS 10 through iOS 12. Beer went on to explain:
“Working with TAG, we discovered exploits for a total of fourteen vulnerabilities across the five exploit chains: seven for the iPhone’s web browser, five for the kernel and two separate sandbox escapes. Initial analysis indicated that at least one of the privilege escalation chains was still 0-day and unpatched at the time of discovery (CVE-2019-7287 & CVE-2019-7286).”