In what may be one of the largest attacks against iPhone users ever, researchers at Google say they uncovered a series of hacked websites that were delivering attacks designed to hack iPhones. The websites delivered their malware indiscriminately, were visited thousands of times a week, and were operational for years, Google said.
“There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week,” Ian Beer, from Google’s Project Zero, wrote in a blog post published Thursday.
iPhone exploits are relatively expensive and the iPhone is difficult to hack. The price for a full exploit chain of a fully up to date iPhone has stretched up to at least $3 million.
Beer writes that Google’s Threat Analysis Group (TAG) was able to collect five distinct iPhone exploit chains based on 14 vulnerabilities. These exploit chains covered versions from iOS 10 up to the latest iteration of iOS 12. At least one of the chains was a zero day at the time of discovery and Apple fixed the issues in February after Google warned them, Beer writes.
MacDailyNews Take: And, Apple’s iOS gets even more secure!
What sites? Who actually visited and how many were iphones/ios devices? We appreciate the help in making the net more secure but indiscriminate FUD is counter productive and amounts to click bait
Google and its “partners” of course!
Hmmm. Interesting how the makers of Androcrap are focussed on finding thing to complain about with iPhone security. I wonder if that has any significance.
How about not telling us the list of websites that were compromised, so that we can’t do things like change passwords, at the least.
Just what I want to know. A compromise and dead air. Kind of like a gif that ends too soon.
General announcement of, be weary of STDs, because we have a list of people who have it, but won’t tell you who.
Getting annoyed with new trend of MDN articles that don’t link to the full story. This story provides no link so we can learn about which sites should be avoided. C’mon MDN. More advertising with less info does not translate into value.
Yeah it does – click on Joseph Cox for Vice at the top.