Thursday, September 5, 2019

Significant iOS Vulnerabilities Used Against Uyghur Muslims in China

Rich Mogull:

On 29 August 2019, Google’s Project Zero security research team released the details of a major series of attacks against iOS using sophisticated, zero-day exploits on a scale unprecedented in the iOS world. (Wired has a less technical summary of the Project Zero report, which is aimed at security professionals.) This is the most significant iOS security incident we are aware of since the launch of the iPhone. And while it’s extremely unlikely that any TidBITS readers had their devices compromised, the news remains a concerning development.

[…]

Infection was easy: if a user visited one of the hacked Web sites using an iOS device, that device would be infected with implanted malware without having to interact with the user in any way. That malware could monitor the infected device’s GPS location data in real time, up to once per minute. It could also steal files on the device[…]

[…]

First off, because Google reported all the exploits to Apple quickly, and Apple responded by patching them all in iOS within days, you’re protected from these particular attacks as long as you’re running an updated version of iOS. The implant malware could also be removed merely by restarting the iPhone.

Catalin Cimpanu:

The Zerodium CEO said “the zero-day market is so flooded by iOS exploits” that they are now refusing them

Also, check out this statement regarding iOS security.

1 Comment RSS · Twitter


[…] Significant iOS Vulnerabilities Used Against Uyghur Muslims in China […]

Leave a Comment