Hacked sites attacked thousands of iPhones every week for years using undiscovered exploits
In what's being touted as potentially one of the biggest attacks on iPhone users ever, Google has revealed that a collection of websites were hacked to deliver malware onto iPhones, with the iOS vulnerabilities involved going unchecked and undiscovered for years — as well as subsequent attacks.
The hacks installed zero-interaction malware into unnamed sites that received thousands of visitors every week. Simply visiting the sites, without clicking or scrolling at all, could deliver a monitoring implant onto users' iPhones.
Google demonstrated that the implant could "steal private data like iMessages, photos and GPS location in real-time"; it also had access to users' keychains and password data, as well as database files containing plaintext of messages sent and received in messaging apps such as Google Hangouts, and even specifically end-to-end encrypted apps including WhatsApp, iMessage, and Telegram. Read more...
More about Security Flaw, Apple Iphone, Ios 12, Google Project Zero, and Techfrom Mashable https://ift.tt/2HtnTN5
No comments