Google Outlines iPhone Vulnerabilities That Let Malicious Websites Steal User Data for Years, Now Fixed
Google's Project Zero published a blog post this week about a previous security threat wherein malicious websites quietly hacked into the victim's iPhone. This small collection of hacked websites were used in what was described as "indiscriminate" attacks against unsuspecting visitors for years, but the threat has been addressed by Apple.
If the attacks were successful, a monitoring implant would be installed on the targeted iPhone, able to steal private data including messages, photos, and GPS location in real time. Google estimated that thousands of visitors headed to these websites per week over the course of two years, and that iOS versions ranging from iOS 10 to iOS 12 were exploited.
There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week.
TAG was able to collect five separate, complete and unique iPhone exploit chains, covering almost every version from iOS 10 through to the latest version of iOS 12. This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years.
Project Zero discovered exploits for a total of 14 vulnerabilities in iOS, seven for Safari, five for the kernel, and two separate sandbox escapes. The team reported these findings to Apple in February, and Apple's release of iOS 12.1.4 that same month addressed the issues.
Google's deep dive into the iOS exploit can be read on the company's Project Zero blog.
Popular Stories
Apple today released several open source large language models (LLMs) that are designed to run on-device rather than through cloud servers. Called OpenELM (Open-source Efficient Language Models), the LLMs are available on the Hugging Face Hub, a community for sharing AI code. As outlined in a white paper [PDF], there are eight total OpenELM models, four of which were pre-trained using the...
Apple is set to unveil iOS 18 during its WWDC keynote on June 10, so the software update is a little over six weeks away from being announced. Below, we recap rumored features and changes planned for the iPhone with iOS 18. iOS 18 will reportedly be the "biggest" update in the iPhone's history, with new ChatGPT-inspired generative AI features, a more customizable Home Screen, and much more....
Apple has announced it will be holding a special event on Tuesday, May 7 at 7 a.m. Pacific Time (10 a.m. Eastern Time), with a live stream to be available on Apple.com and on YouTube as usual. The event invitation has a tagline of "Let Loose" and shows an artistic render of an Apple Pencil, suggesting that iPads will be a focus of the event. Subscribe to the MacRumors YouTube channel for more ...
Apple has dropped the number of Vision Pro units that it plans to ship in 2024, going from an expected 700 to 800k units to just 400k to 450k units, according to Apple analyst Ming-Chi Kuo. Orders have been scaled back before the Vision Pro has launched in markets outside of the United States, which Kuo says is a sign that demand in the U.S. has "fallen sharply beyond expectations." As a...
Apple is finally planning a Calculator app for the iPad, over 14 years after launching the device, according to a source familiar with the matter. iPadOS 18 will include a built-in Calculator app for all iPad models that are compatible with the software update, which is expected to be unveiled during the opening keynote of Apple's annual developers conference WWDC on June 10. AppleInsider...
Best Buy is discounting a collection of M3 MacBook Pro computers today, this time focusing on the 14-inch version of the laptop. Every deal in this sale requires you to have a My Best Buy Plus or Total membership, although non-members can still get solid second-best prices on these MacBook Pro models. Note: MacRumors is an affiliate partner with Best Buy. When you click a link and make a...
Top Rated Comments
So the moral of the story is: If Google can somehow embarrass Apple over an exploit they'll release information to the public. If they can use the exploit to their own advantage, they'll keep quiet about it.
GOTO: https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html
Going to quote it simply to counter the inevitable posts saying Apple somehow screwed up....blah....blah....blah.
First off, Apple didn't ignore this exploit for years. They simply didn't know about it. The only reason it went unnoticed for so long is because it wasn't widespread. Once an exploit becomes common it's usually discovered quickly. This is why zero-days are so valuable and often sold to governments or others who can afford to pay a couple million for an exploit. It's also why those same people only use the exploits on targets they consider valuable, because once it's out there it will be discovered and fixed.
Secondly, Apple dealt with it immediately. Google notified Apple on Feb 1st and Apple released a patch on Feb 7th. This is a perfect example of Apple having superior security to Android. Exploits will always exist. Being able to quickly roll out a fix for an exploit is one of the most important methods in dealing with them. Something Android is absolutely horrible at.