Can you think that an iPhone can be turned into a tracking tool that records the entire digital life of its owner, including their location in real-time, their emails, chats, contacts, photos and saved passwords?
The hacked sites used the iPhone 0-day in indiscriminate watering hole attacks against their viewers.
When Apple released the Emergency Band Update on February 7, it took iOS to version 12.1.4.
However, two further shortcomings of the same consultation (CVE-2017-17287 and CVE-2019-7286) have been briefly described in which attackers can use to obtain superior and / or kernel privileges.
After months of analysis, these flaws were part of the fourteen vulnerabilities that were abused by the group behind the attacks that Google discovered.
Google has isolated five distinct exploitation chains – campaigns run over time using a combination of different flaws – one of which was dated in late 2016.
Victims ‘iPhones would have installed the malware in the form of a powerful monitoring implant capable of taking chat messages (including WhatsApp, Telegram and iMessage), real-time monitoring of users’ locations and access to the Keychain password store.