Google issues a critical security warning for a billion Apple users



[ad_1]
<div _ngcontent-c15 = "" innerhtml = "

Apple's security vulnerabilities are back in the news. Just days after high-profile emergency iPhone patchGoogle's security researchers have issued a new warning about "hacking websites" that is severely damaging the well-established security credentials of tech giant Cupertino. Worse, the warning came the same day that the launch of the iPhone 11 was confirmed. And as the security warnings disappear, this one is serious.

Google's Project Zero team has disclosed several "hacked websites" were used to attack iPhones for two years. & nbsp; And every updated iPhone is vulnerable. "There was no target discrimination," said the researchers, "it was enough to visit the hacked site for the operating server to attack your device and, if necessary, install an implant. surveillance. "

The problems were solved only until the iOS 12.1.4 update.

Google's research team "has been able to bring together five distinct, complete and unique iPhone exploit chains, covering almost all versions, from iOS 10 to the latest version of iOS 12. This indicated a group doing a sustained effort to hack iPhones users in some communities over a period of at least two years. "

To recap, because this disclosure is extraordinary: malicious websites have been running for at least two years and all iPhone using iOS via iOS 12 were vulnerable to attack. & Nbsp; In reality, this means that almost all iPhones were vulnerable all this time. .

Several "operating chains" were in place, designed to attack several "security loopholes". In doing so, the attackers were able to gain highly privileged access to the major components of the iPhone operating system, which allowed the installation of malicious software and to be accessed. & nbsp; An attack could have devastating consequences. Access to photos and messages, theft of login credentials and bank passwords, and even access to location information. & Nbsp; These passwords could have been stored in the system without being deleted when accessing a website.

The five exploit chains are detailed in Google's disclosure, as well as the test results performed on an infected device to examine how this infection could work in practice.

According to Google, "real users" make decisions based on public perception of the security of these devices. The reality remains that security protections will never eliminate the risk of attack if you are targeted. "

The problem for Apple is that it would undermine confidence in the security of the brand. This disclosure is so severe, so damaging, and so intrusive to the nature of the vulnerability, that it will leave users wondering how such a serious range of defects could have been left open.

In my opinion, the speed with which the company reacted to the jailbreak problem (as well as the Zoom problem and even the recent Siri problem) was a reason to maintain trust in the brand. This disclosure could undermine this – not because of the answer, but because of the severity of the vulnerability.

The other question, of course, is that if these feats were in place for two years before being discovered, what else we do not know yet. & Nbsp;

"All that users can do is be aware that mass exploitation still exists and behave accordingly," said Google in its revelation, "considering their mobile devices as part of an integral part of their modern life, but also as devices that can upload each of their actions into a database for possible use against them. "

The disclosure was published late the day Apple announced the launch date of the next iPhone 11. Purely by chance, of course.

No comments from Apple on this. & Nbsp;

With regard to advice to millions of users worried about this news? Clearly update right now – this problem has been resolved, but others will have been found since. Pay attention to visited websites and downloaded applications. And always use common sense. Smartphones are the key to our digital realm and should be treated as such.

">

Apple's security vulnerabilities are back in the news. Just days after the release of its urgent fix for the iPhone, Google's security researchers have issued a new "website hacking" warning that is severely damaging the tech giant's reputation for security Cupertino. Worse, the warning came the same day that the launch of the iPhone 11 was confirmed. And as the security warnings disappear, this one is serious.

The Google Project Zero team revealed that a number of "hacked websites" had been used to attack iPhones for two years. And every updated iPhone is vulnerable. "There was no target discrimination," said the researchers, "it was enough to visit the hacked site for the operating server to attack your device and, if necessary, install an implant. surveillance. "

The problems were solved only until the iOS 12.1.4 update.

Google's research team "has been able to bring together five distinct, complete and unique iPhone exploit chains, covering almost all versions, from iOS 10 to the latest version of iOS 12. This indicated a group doing a sustained effort to hack iPhones users in some communities over a period of at least two years. "

To recap, because this disclosure is extraordinary: malicious websites have been running for at least two years and each iPhone under iOS via iOS 12 was vulnerable to attack. In reality, this means that virtually every iPhone was vulnerable all this time.

Several "operating chains" were in place, designed to attack several "security loopholes". In doing so, the attackers were able to gain highly privileged access to the major components of the iPhone operating system, which allowed the installation of malicious software and to be accessed. An attack could have devastating consequences. Access photos and messages, steal login credentials and bank passwords, and even access location information. And these passwords could have been stored in the system and not deleted when accessing a website.

The five exploit chains are detailed in Google's disclosure, as well as the test results performed on an infected device to examine how this infection could work in practice.

According to Google, "real users" make decisions based on public perception of the security of these devices. The reality remains that security protections will never eliminate the risk of attack if you are targeted. "

The problem for Apple is that it would undermine confidence in the security of the brand. This disclosure is so severe, so damaging, and so intrusive to the nature of the vulnerability, that it will leave users wondering how such a serious range of defects could have been left open.

In my opinion, the speed with which the company reacted to the jailbreak problem (as well as the Zoom problem and even the recent Siri problem) was a reason to maintain trust in the brand. This disclosure could undermine this – not because of the answer, but because of the severity of the vulnerability.

The other question, of course, is that if these feats were in place for two years before being discovered, what else has not been discovered yet?

"All that users can do is be aware that mass exploitation still exists and behave accordingly," said Google in its revelation, "considering their mobile devices as part of an integral part of their modern life, but also as devices that can upload each of their actions into a database for possible use against them. "

The disclosure was published late the day Apple announced the launch date of the next iPhone 11. Purely by chance, of course.

No comments on all this so far from Apple.

With regard to advice to millions of users worried about this news? Clearly update right now – this problem has been resolved, but others will have been found since. Pay attention to visited websites and downloaded applications. And always use common sense. Smartphones are the key to our digital realm and should be treated as such.

[ad_2]
Source link