Unidentified attackers have been compromising websites for nearly three years, equipping them with exploits that would hack visiting iPhones without any user interaction and deliver a stealthy implant capable of collecting much of the sensitive information found on users’ iOS-powered devices.
Indiscriminate compromise
“Earlier this year Google’s Threat Analysis Group (TAG) discovered a small collection of hacked websites. The hacked sites were being used in indiscriminate watering hole attacks against their visitors, using iPhone 0-day,” shared Ian Beer, a researcher with Google’s Project Zero.
“There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week.”
Subsequent research revealed the attackers’ use ..
Support the originator by clicking the read the rest link below.
