The Google threat analysis group (TAG) has announced the discovery of a small number of hacked websites that had been attacking iPhone users for two years, exploiting a vulnerability in the iOS operating system, accessing its server and implementing a monitoring system in the device when they entered them that allowed the access of the hackers to all user data.
According to a blog post on Project Zero, the Google team dedicated to investigating 'zero day' security vulnerabilities, 'hackers' have made a constant effort to hack iPhones users in certain communities during a period of at least two years, "says a member of his team, Ian Beer.
The attack system was that the user entered the hacked web page, and the attacker could access his server and install a monitoring system on his device that allowed him to gain absolute control of it and with it access to all his data . According to Beer, "these pages receive thousands of visitors per week."
It is a 'watering hole' type attack, a strategy in which attackers observe websites visited by a group of victims and infect one of them with 'malware', thus infecting them .
TAG has discovered five chains of exploitation (exploit) of iPhone mobiles that affected versions from iOS 10 to the last of iOS 12. In total they have found fourteen vulnerabilities, which have been seven of the iPhone web browser, five for the core and two separate sandboxes - an isolation of processes that the system uses to execute programs - that allow malicious code to be introduced into a device from outside.
Beer states that Google communicated this situation to Apple on February 1, 2019, setting a week deadline for it to solve the problem, which coincided with the launch of iOS 12.1.4. Apple released a patch to correct the vulnerability on February 7, a fact that it made public through its website.
No comments:
Post a Comment