Google reveals how an iOS malware campaign works
In early 2019, Google's Threat Analysis Group (TAG) notified Apple about 14 vulnerabilities affecting iPhone devices running iOS 10 through iOS 12. These vulnerabilities were patched in the out-of-band release of iOS 12.1.4 on 7 Feb 2019.
Visiting a compromised website was enough to get infected: the web server attacked the device and installed a monitoring tool.
After analyzing it, Google published a series of articles explaining the magnitude and functioning of the five different exploit chains used in this malware campaign. The vulnerabilities affected different system software components: seven affected the iPhone web browser, five affected the kernel, and two allowed sandbox escapes. These last two were 0-day vulnerabilities (CVE-2019-7287 and CVE-2019-7286).
- 29/08/2019 googleprojectzero.blogspot.com A very deep dive into iOS Exploit chains found in the wild
- 07/02/2019 support.apple.com About the security content of iOS 12.1.4
- 01/09/2019 forbes.com iPhone Hackers Caught By Google Also Targeted Android And Microsoft Windows, Say Sources
- 31/08/2019 unaaldia.hispasec.com iPhone Zero Days: a new highly capable spyware can monitor people's entire digital lives