Google Uncovers Malicious Website Exploits That Targeted At iPhone Users For Years

Ian Beer, the Google's Project Zero researcher who have contributed in the development of several jailbreak tools published a blog post that explains how malicious websites could hacked into the victim's iPhone without their acknowledge. This limited collection of hacked websites has been used for years in what is being characterized as "indiscriminate" attacks toward unsuspecting tourists, however, the threat has been addressed by Apple.

Google's Threat Analysis team has identified a set of five separate and complete iPhone exploit chains that have impacted from iOS 10 though to iOS 12. If the attacks were effective, a monitoring implant would be mounted on the targeted iPhone, capable of stealing private data, including emails, pictures and GPS location, in real time. It's unclear how many users were impacted by such attack, but Google suggesting that one of the hacked websites received thousands of views per week.

The fact that many attacks were targeted to a certain region or ethnic group is what makes them stands out from others:
To be targeted might mean simply being born in a certain geographic region or being part of a certain ethnic group. All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them.
According to Project Zero, they have found 14 vulnerabilities in iOS, 7 for Safari, 5 for the kernel, and two separate sandbox escaping vulnerabilities. Fortunately, the security team reported the findings to Apple in February, and Apple was able to release iOS 12.1.4 in the same month addressed these issues.

For detailed analysis of the security threat, please visit Google's Project Zero blog.

Image Via The Inquirer

Post a Comment

Previous Post Next Post