Google Outlines iPhone Vulnerabilities That Let Malicious Websites Steal User Data for Years, Now Fixed
Google's Project Zero published a blog post this week about a previous security threat in which malicious websites quietly hacked into visitors' iPhones. This small collection of hacked websites was used in what were described as "indiscriminate" attacks against unsuspecting visitors for years, but the threat has been addressed by Apple.
If the attacks were successful, a monitoring implant would be installed on the targeted iPhone, able to steal private data including messages, photos, and GPS location in real time. Google estimated that thousands of visitors headed to these websites per week over the course of two years, and that iOS versions ranging from iOS 10 to iOS 12 were exploited.
There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week.
TAG was able to collect five separate, complete and unique iPhone exploit chains, covering almost every version from iOS 10 through to the latest version of iOS 12. This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years.
Project Zero discovered exploits for a total of 14 vulnerabilities in iOS: seven for Safari, five for the kernel, and two separate sandbox escapes. The team reported these findings to Apple in February, and Apple's release of iOS 12.1.4 that same month addressed the issues.
Google's deep dive into the iOS exploit can be read on the company's Project Zero blog.
Top Rated Comments
So the moral of the story is: If Google can somehow embarrass Apple over an exploit they'll release information to the public. If they can use the exploit to their own advantage, they'll keep quiet about it.
GOTO: https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html
Going to quote it simply to counter the inevitable posts saying Apple somehow screwed up....blah....blah....blah.
First off, Apple didn't ignore this exploit for years. They simply didn't know about it. The only reason it went unnoticed for so long is because it wasn't widespread. Once an exploit becomes common it's usually discovered quickly. This is why zero-days are so valuable and often sold to governments or others who can afford to pay a couple million for an exploit. It's also why those same people only use the exploits on targets they consider valuable, because once it's out there it will be discovered and fixed.
Secondly, Apple dealt with it immediately. Google notified Apple on Feb 1st and Apple released a patch on Feb 7th. This is a perfect example of Apple having superior security to Android. Exploits will always exist. Being able to quickly roll out a fix for an exploit is one of the most important methods in dealing with them. Something Android is absolutely horrible at.