Google Outlines iPhone Vulnerabilities That Let Malicious Websites Steal User Data for Years, Now Fixed

Google's Project Zero published a blog post this week about a previous security threat wherein malicious websites quietly hacked into the victim's iPhone. This small collection of hacked websites were used in what was described as "indiscriminate" attacks against unsuspecting visitors for years, but the threat has been addressed by Apple.


If the attacks were successful, a monitoring implant would be installed on the targeted ‌iPhone‌, able to steal private data including messages, photos, and GPS location in real time. Google estimated that thousands of visitors headed to these websites per week over the course of two years, and that iOS versions ranging from iOS 10 to iOS 12 were exploited.

There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week.

TAG was able to collect five separate, complete and unique ‌iPhone‌ exploit chains, covering almost every version from iOS 10 through to the latest version of iOS 12. This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years.

Project Zero discovered exploits for a total of 14 vulnerabilities in iOS, seven for Safari, five for the kernel, and two separate sandbox escapes. The team reported these findings to Apple in February, and Apple's release of iOS 12.1.4 that same month addressed the issues.

Google's deep dive into the iOS exploit can be read on the company's Project Zero blog.

Top Rated Comments

(View all)
Avatar
8 months ago
So what were the malicious sites?
Score: 72 Votes (Like | Disagree)
Avatar
8 months ago
The defenders will soon be here trying to explain how Apple was not at fault and that the company is really trying to put privacy priority # 1 (ha...ha...ha).
Score: 29 Votes (Like | Disagree)
Avatar
8 months ago

Stick that on a billboard


Sure. Along with the time Google discovered a security flaw in Safari and instead of notifying Apple so they could fix it they wrote malware to exploit it so they could keep tracking users.

So the moral of the story is: If Google can somehow embarrass Apple over an exploit they'll release information to the public. If they can use the exploit to their own advantage, they'll keep quiet about it.
Score: 23 Votes (Like | Disagree)
Avatar
8 months ago

So what were the malicious sites?


Same question. Read the articles, and didn’t see them listed. Maybe I missed them... I feel google has the responsibility to disclose them.
Score: 18 Votes (Like | Disagree)
Avatar
8 months ago
Kudos to Google's Project Zero in spades.
GOTO: https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html


"... we examined how the attackers gained unsandboxed code execution as root on iPhones. At the end of each chain we saw the attackers calling posix_spawn, passing the path to their implant binary which they dropped in /tmp. This starts the implant running in the background as root. There is no visual indicator on the device that the implant is running. There's no way for a user on iOS to view a process listing, so the implant binary makes no attempt to hide its execution from the system.

The implant is primarily focused on stealing files and uploading live location data. The implant requests commands from a command and control server every 60 seconds.

Before diving into the code let's take a look at some sample data from a test phone running the implant and communicating with a custom command and control server I developed. To be clear, I created this test specifically for the purposes of demonstrating what the implant enabled the attacker to do and the screenshots are from my device. The device here is an iPhone 8 running iOS 12.

The implant has access to all the database files (on the victim’s phone) used by popular end-to-end encryption apps like Whatsapp, Telegram and iMessage. We can see here screenshots of the apps on the left, and on the right the contents of the database files stolen by the implant which contain the unencrypted, plain-text of the messages sent and received using the apps..."

Score: 16 Votes (Like | Disagree)
Avatar
8 months ago

Sounds like working as intended. Bugs found, reported and fixed in the same month.


This.

Going to quote it simply to counter the inevitable posts saying Apple somehow screwed up....blah....blah....blah.

First off, Apple didn't ignore this exploit for years. They simply didn't know about it. The only reason it went unnoticed for so long is because it wasn't widespread. Once an exploit becomes common it's usually discovered quickly. This is why zero-days are so valuable and often sold to governments or others who can afford to pay a couple million for an exploit. It's also why those same people only use the exploits on targets they consider valuable, because once it's out there it will be discovered and fixed.

Secondly, Apple dealt with it immediately. Google notified Apple on Feb 1st and Apple released a patch on Feb 7th. This is a perfect example of Apple having superior security to Android. Exploits will always exist. Being able to quickly roll out a fix for an exploit is one of the most important methods in dealing with them. Something Android is absolutely horrible at.
Score: 16 Votes (Like | Disagree)

Top Stories

Seemingly Unreleased Version of Logic Pro X With Live Loops Appears on Apple's Education Site [Updated]

Sunday March 29, 2020 7:23 am PDT by Hartley Charlton
Update: Apple has replaced the Logic Pro X image with an older version. Original story follows. A seemingly unreleased version of Logic Pro X has appeared on Apple's education site, as spotted by a Reddit user. The image from Apple's education products page shows a 16-inch MacBook Pro running Logic Pro X, but with a familiar interface that looks extremely similar to GarageBand's Live Loops ...

Zoom Updates iOS App to Stop Sending Data to Facebook

Friday March 27, 2020 5:35 pm PDT by Juli Clover
Zoom, a video conferencing app that many people are using at the current time to keep in touch with coworkers while working from home, was sending data to Facebook without disclosing the data sharing to customers. As of today, Zoom has updated its iOS app to remove the SDK that was providing data to Facebook through the Login with Facebook feature, according to Motherboard, the site that...

Apple Suppliers Worried About iPhone Demand, Production Ramp-Up for New iPhones Reportedly Postponed

Friday March 27, 2020 5:56 pm PDT by Juli Clover
Most of the factories in China that supply devices and components to Apple are back to churning out products, but Apple suppliers are said to be worried about how much demand there will be for the current iPhone models and the new iPhones expected in the fall. According to Reuters, a senior official at one of Apple's major supply companies said that orders for quarter ending in March are...

2020 iPad Pro Teardown Provides Closer Look at LiDAR Scanner and Confirms Incremental Update

Saturday March 28, 2020 9:56 am PDT by Hartley Charlton
iFixit today shared a video teardown of the new iPad Pro, which Apple unveiled earlier this month. iFixit found that most of the internals of the 2020 iPad Pro are the same as the 2018 model, confirming that the device is a relatively incremental update. The most notable new feature seen inside the new iPad Pro was the LiDAR scanner, which measures the distance to surrounding objects up...

Apple Watch Series 6 Could Feature Touch ID Fingerprint Sensor, Pulse Oximetry and Sleep Tracking Support

Friday March 27, 2020 11:28 am PDT by Juli Clover
The upcoming Apple Watch Series 6 set to be released this fall could include a Touch ID fingerprint sensor built into the crown of the device, according to Israeli site The Verifier, which cites "senior sources" who have worked with its staff for a "number of years" as the source of the rumor. It's not clear how the alleged Touch ID fingerprint sensor would be implemented, as the Digital...

Bloomberg: Apple's 5G iPhone Still on Schedule for Fall Launch, But Future Products Could Be Delayed

Monday March 30, 2020 2:40 am PDT by Tim Hardwick
Apple's 5G iPhone is still on track to launch within the company's typical annual fall release schedule, according to a new Bloomberg report on filed on Monday. Signs are that Apple's Chinese-centric manufacturing -- of which Hon Hai is the linchpin -- is slowly getting back on track. The next iPhones with 5G wireless capabilities remain on schedule to launch in the fall, partly because mass...

Kuo: Apple to Launch Several Macs With Arm-Based Processors in 2021, USB4 Support Coming to Macs in 2022

Thursday March 26, 2020 8:19 pm PDT by Joe Rossignol
Apple plans to launch several Mac notebooks and desktop computers with its own custom designed Arm-based processors in 2021, analyst Ming-Chi Kuo said today in a research note obtained by MacRumors. Kuo believes that Arm-based processors will significantly enhance the competitive advantage of the Mac lineup, allow Apple to refresh its Mac models without relying on Intel's processor roadmap,...

Top Stories: Hands-On With 2020 iPad Pro and MacBook Air, iOS and iPadOS 13.4 Released, iPhone 12 Delay?

Saturday March 28, 2020 6:00 am PDT by MacRumors Staff
After last week's flurry of product launches, Apple's new iPad Pro and MacBook Air have started to make their way into consumers' hands, and we've gone hands-on with both of them this week. Apple this week also released iOS and iPadOS 13.4 (as well as macOS, watchOS, and tvOS updates) with a number of new features and improvements. Subscribe to the MacRumors YouTube channel for more videos. ...

Deals: Huge Refurbished iPhone Sale Discounts iPhone 7, 8, X, XR, and XS (From $120)

Friday March 27, 2020 5:47 am PDT by Mitchel Broussard
Woot is back today with a big sale on refurbished iPhones, including markdowns on the iPhone 7, iPhone 7 Plus, iPhone 8, iPhone 8 Plus, iPhone X, iPhone XR, iPhone XS, and iPhone XS Max. Note: MacRumors is an affiliate partner with Woot. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running. As with every Woot purchase, those...

Apple Releases ProRes RAW Beta for Windows

Monday March 30, 2020 9:33 am PDT by Juli Clover
Apple today released ProRes RAW for Windows in a beta capacity (via Mark Gurman), with the software designed to allow ProRes RAW and ProRes RAW HQ video files to be watched in compatible applications on Windows machines. According to Apple, the software will let the files be played within several Adobe apps: Adobe After Effects (Beta) Adobe Media Encocder (Beta) Adobe Premiere...