For over two years, 14 critical zero-day vulnerabilities in Apple's iOS have been weaponized into 5 privilege-escalating zero-click exploit chains that have remotely and completely taken over hundreds of thousands of iPhones. Apple's response? Not a big deal. This was just "narrow" "targeted" campaign. Support independent content by donating Monero or Bitcoin
Monero: 84DYxU8rPzQ88SxQqBF6VBNfPU9c5sjDXfTC1wXkgzWJfVMQ9zjAULL6rd11ASRGpxD1w6jQrMtqAGkkqiid5ef7QDroTPp
Bitcoin: 1HkDxXAVDFhBHSyRjam5WW5uoY88sxn5qz
You can block scripts to prevent browser exploitation with:
NoScript Security Suite:
uBlock Origin tutorial:
The exploits have been in some way used from at least September 2016 and the attackers were supporting their exploit chains since at least iOS 10.0.1 until 12.1.4. Infected users would immediately have all of their data from their devices uploaded to remote servers and updates sent every 60 seconds.
The data collected would include location, device model, keychain, name and serial number, phone number, contacts, messages, attachments, notes, list of installed apps, recordings, photos, files, call history, passwords and container directories of every app on the device.
The implant had a hardcoded list of apps from which it always uploaded plain-text data to the attacker controlled servers. Among the selected apps were: Gmail, Facebook, Skype, Telegraph, WhatsApp and others.
Sources
[1]
[2]
[3]
[4]
[5]
[6]
[7]
[8]
[9]
[10]
[11]
[12]
[13]
[14]
[15]
[16]
[17]
[18]
[19]
[20]
[21]
[22]
[23]
[24]
[25]
[26]
[27]
[28]
[29]
Credits
Music by: CO.AG Music
Follow me:
The footage and images featured in the video were for critical analysis, commentary and parody, which are protected under the Fair Use laws of the United States Copyright act of 1976.
0 Comments