Researchers from the Google Project Zero group have discovered a vulnerability that is one of the biggest in the history of the iOS platform. The malicious malware exploited bugs in the mobile Safari web browser.
Google Project Zero expert Ian Beer explains everything on his blog. No one had to avoid the attacks this time. It was enough to visit an infected website to become infected.
Analysts from the Threat Analysis Group (TAG) eventually discovered a total of five different bugs that were present from iOS 10 to iOS 12. In other words, attackers could use the vulnerability for at least two years since these systems were on the market.
The malware used a very simple principle. After visiting the page, a code ran in the background that was easily transferred to the device. The main purpose of the program was to collect files and send location data at one minute intervals. And since the program copied itself into the device's memory, not even such iMessages were safe from it.
TAG together with Project Zero discovered a total of fourteen vulnerabilities across five critical security flaws. Of these, a full seven related to mobile Safari in iOS, another five to the kernel of the operating system itself, and two even managed to bypass sandboxing. At the time of discovery, no vulnerability had been patched.
The series of these vulnerabilities is dangerous in that attackers could easily spread the code through the affected sites. Since all it takes to infect a device is to load a website and run scripts in the background, pretty much anyone was at risk.
Everything is technically explained on the English blog of the Google Project Zero group. The post contains a wealth of detail and detail. It's amazing how a mere web browser can act as a gateway to your device. The user is not forced to install anything.
The security of our devices is therefore not a good thing to take lightly.
Petr Škuta 
David Hanak 
