
Apple iOS was struck by five critical security flaws

  • By electronics-phone

Google researchers have discovered several series of serious vulnerabilities that affected almost all iOS devices over the past two years and could be exploited simply by visiting a hacked site. Enough to "monitor whole populations".

Apple expected to have a great day announcing the launch date of the iPhone 11, but that did not go to plan. Google's Project Zero team, which specializes in hunting severe vulnerabilities known as 0-days, has just disclosed the existence of not one but five chains of flaws combining fourteen different vulnerabilities. These were reported to Apple on February 1, 2019 and were fixed on February 7 in the iOS 12.1.4 update, which all iPhone and iPad users should therefore install if they have not already done so.

The research team "was able to collect five separate, complete and unique exploit chains for iPhone, covering almost all versions from iOS 10 to the most recent version of iOS 12. This indicated that a group made sustained efforts to hack iPhone users in certain communities over a period encompassing at least the last two years". This is undoubtedly the most serious cybersecurity incident in iOS history.

Indisputable and major attacks

Almost all iOS devices were therefore vulnerable for at least two years and could be attacked when visiting certain websites. "There was no discrimination on the target. It was simply enough to visit the hacked site for the exploit server to attack your device and, in case of success, install a monitoring implant." The sites involved received "thousands of users per week".


"It's terrifying," cybersecurity researcher Thomas Reed told Wired magazine. "We are used to iPhone infections being targeted attacks carried out by state adversaries. The idea that someone infected every iPhone that visited certain sites sends chills down the spine." The flaws allowed attackers to escalate privileges and thus gain almost total access to the internal workings of the device and the data stored on it. Spyware was then installed on the smartphone to send this data back to the attackers' servers.

A state actor involved?

Project Zero gives no indication of the identity of the hackers who exploited these flaws. The extent and complexity of these attacks, clearly oriented towards mass espionage, suggest a sovereign state. It is quite remarkable that the operation could have been active for so long without being detected. We can assume that the massive data collection was restricted to the national territory of the country that would have ordered the operation.

However, the contrast is striking between the sophistication of the 0-days and the amateurism of the spyware they were used to install. The malicious implant exfiltrates the phone's data without HTTPS encryption, even though it is standard on the web, so that anyone on the network could observe what was going on. The data were sent to servers whose IP addresses were written in cleartext in the spyware.

It is possible that an inexperienced government agency bought the vulnerabilities from a group of third-party hackers, probably for staggering sums. "These are people with a mountain of money and horrible know-how, because they are relatively new to this game," speculated Jake Williams, a former NSA hacker, speaking to Wired.

In any case, these incidents mark a turning point in iOS security. Apple's operating system was reputed to be difficult to hack in depth, with each hack able to target only a single device at exorbitant financial cost each time, hence the cliché of the "million-dollar dissident", after an Emirati opponent whose surveillance would have cost the United Arab Emirates regime more than a million dollars.

"I would not enter into a discussion of whether these exploits cost 1 million, 2 million, or 20 million dollars," wrote Ian Beer of Project Zero. "I would rather suggest that all these prices seem low given the capacity to target and monitor the private activities of whole populations in real time."

