Google reveals how an iOS malware campaign works

Posted date 04/09/2019

In early 2019, Google’s Threat Analysis Group (TAG) notified Apple about 14 vulnerabilities affecting iPhone devices running versions from iOS 10 to iOS 12. These vulnerabilities were patched in the out-of-band release of iOS 12.1.4 on 7 Feb 2019.

To get infected, it was enough to visit a compromised website: the web server infected the device and installed a monitoring tool.

After analyzing it, Google has published a series of articles explaining the magnitude and functioning of the 5 different exploit chains used in this malware campaign. These vulnerabilities affected different system software components, with 7 of them affecting the iPhone web browser, five affecting the kernel, and two allowing sandbox escapes. These last two were 0-day vulnerabilities (CVE-2019-7287 and CVE-2019-7286).