[ad_1]
A new report from Vice Today, he details the findings made by Google Project Zero researchers that "it could be one of the largest attacks ever perpetrated against iPhone users" . The base of these attacks is based on a series of hacked websites, which randomly distribute malware to iPhone users.
Ecobee HomeKit Thermostat
In a blog post, Project Zero's Ian Beer explained that there was "no target discrimination" when it came to this series of attacks. Users could be impacted simply by visiting one of the hacked sites, which would receive thousands of views per week.
The Google threat analysis group has detected a set of five separate operating channels for the iPhone affecting iOS 10 across all versions of iOS 12. years, "wrote Beer.
Once a user has visited one of the malicious websites and the malware has been deployed, the "implant" is mainly focused on file theft and downloading. live location data, "every 60 seconds. Because the end device itself was compromised, services such as iMessage were also affected.
Working with TAG, we discovered fourteen vulnerabilities spread across the five chains of exploits: seven for the iPhone's web browser, five for the kernel, and two separate sandbox escapements. The initial analysis indicated that at least one of the elevation of privilege chains was still at 0 days and uncorrected at the time of discovery.
Beer stated that Project Zero had reported issues to Apple within 7 days from February 1, 2019 – and that these issues had been resolved in the iOS 12.1.4 release of February 9, 2019.
This chain of exploits is unique because many attacks have a more targeted scope, but this has affected anyone who visited one of the infected websites.
Being targeted may simply mean being born in a certain geographic area or belonging to a certain ethnic group. All that users can do is be aware that mass exploitation still exists and behave accordingly; to treat their mobile devices both as part of their modern life, but also as devices that, once compromised, can upload each of their actions into a database for possible use against them.
The incredibly detailed analysis of iOS farm chains found in the wild can be read on the Google Project Zero blog. Ian Beer explains in more detail Apple's security fixes in iOS 12.1.4, including a patch for the FaceTime bug, as well as security issues discovered by the Project Zero team.
<img class = "aligncenter wp-image-602344" title = "Jamf" src = "https://9to5mac.com/wp-content/uploads/sites/6/2020/07/Jamf-750×150.jpg?quality= 82 & strip = all "alt =" Jamf” width=”750″ height=”150″/>
Subscribe to 9to5Mac on YouTube for more information on Apple:
[ad_2]
Source link