•   
  •   
  •   

TechnologyResearchers: Websites infected iPhones with spyware

19:35  30 august  2019
19:35  30 august  2019 Source:   msn.com

Google uncovers exploit-laden websites that stole data from iPhones

Google uncovers exploit-laden websites that stole data from iPhones A small collection of hacked websites targeted iPhones using zero-day attacks for at least a couple of years, Google's Project Zero team has revealed in a newly published report. 

Researchers say cyberspies exploited security vulnerabilities to plant spyware on Apple iPhones when users merely visited a small group of malware- infected websites . Security experts are calling the just-announced vulnerability, which Apple fixed in February, the worst yet affecting iPhones .

Researchers : Websites infected iPhones with … Share this Researchers say cyberspies exploited security vulnerabilities to plant spyware on Apple iPhones when users merely visited a small group of malware- infected websites .

Researchers say cyberspies exploited security vulnerabilities to plant spyware on Apple iPhones when users merely visited a small group of malware-infected websites.

Researchers: Websites infected iPhones with spyware © Provided by The Associated Press FILE - This Sept. 12, 2018, file photo shows an Apple iPhone XR on display at the Steve Jobs Theater after an event to announce new products, in Cupertino, Calif. Security experts are calling a newly announced security vulnerability the worst yet affecting Apple’s iPhone. Google researchers say the mere act of visiting a small group of malware-infected websites was enough to allow attackers to steal sensitive information from iPhones, including text messages, photos and real-time location data. (AP Photo/Marcio Jose Sanchez, File)

Sensitive data accessed included text messages, photos and real-time location. Security experts are calling the just-announced vulnerability, which Apple fixed in February, the worst yet affecting iPhones.

Apple tries to clear up Google's claims about iOS vulnerabilities

Apple tries to clear up Google's claims about iOS vulnerabilities Apple has taken issue with Google's findings about exploit-laden websites injecting malicious code into iPhones. Last week, Google published a blog post describing how a handful of hacked websites had taken advantage of an iOS vulnerability. Today, Apple shared a rebuttal. Apple reiterates that the vulnerabilities Google highlighted were fixed in February. It says the attack affected fewer than a dozen websites that were targeted at the Uighur community. Apple believes the website attacks were only operational for about two months, not two years, as the Google security researchers wrote. Apple reportedly fixed the issue within 10 days of learning about it.

Researchers from Google’s Project Zero have discovered several hacked websites that have been attacking iPhones for at least two years now. The infected websites managed to install spyware on the devices of victims, where it obtained unlimited device access privileges and worked in the

Researchers say suspected nation-state hackers infected Apple iPhones with spyware over two years in what security experts on Friday called an alarming security failure for a company whose calling card is privacy. A mere visit to one of a small number of tainted websites could infect an iPhone with

Google security researchers say thousands of iPhone users were exposed over more than two years before Apple issued a patch. They do not say who was behind the cyberespionage but experts say it has the hallmarks of a nation-state effort.

Google researcher Ian Beer says in a blog posted late Thursday that the discovery should dispel any notion that it costs a million dollars to successfully hack an iPhone.

Apple did not immediately respond to a request for comment.

Read More

Sites stealing iPhone data reportedly targeted Uyghur Muslims.
The websites stealing data from iPhones might have been used for particularly sinister purposes. TechCrunchsources claim the sites were part of a state-sponsored campaign, presumably from China, targeting the country's Uyghur Muslim population. The pages would have let China swipe sensitive info like messages and passwords, not to mention track their locations. Apple quietly fixed the issue with iOS 12.1.4 in February, but it's possible that thousands of Uyghurs' phones were compromised before then. It's not certain if the sites also targeted Android users, although Forbessources said Android and Windows users were also under the crosshairs.

—   Share news in the SOC. Networks

Topical videos:

usr: 1
This is interesting!