Google, through the researchers who are part of Project Zero, detailed today the most powerful malware attack ever made against the iPhone. According to them, we are talking about websites with no less than 14 exploits that infected iPhones with malware right from the moment they were accessed.
From iOS 12 to iOS 12.1.3, any iPhone that accessed that website was automatically infected with malware, and it all happened for 2 years. The malware was specially designed so that even from the moment of accessing the website, the iPhone was exploited to send files and location information to the hackers every 60 seconds.
Everything was possible through the Safari browser, in which there were also vulnerabilities, and it is not the first time we see something similar, some jailbreak solutions being made in the same way. Apple solved the problem in February 2019 with the release of iOS 12.1.4, so there is no danger now, but the attack itself remains in history.
“Working with TAG, we discovered exploits for a total of fourteen vulnerabilities across the five exploit chains: seven for the iPhone web browser, five for the kernel, and two separate sandflies. Initial analysis showed that at least one of the privilege escalation chains was still 0 days old and unassigned at the time of discovery."
Until now, iPhones could be considered safe and impossible to attack with malware, but it seems that this is no longer true, because there are vulnerabilities that can be exploited on the web. Although the Apple company solved the problem shortly after it was announced, it still remains to confirm the fact that the vulnerabilities exist.
