Story image

Apple issues clarification on extent of iOS malware infection

11 Sep 2019
Twitter
Facebook

Apple has issued a response to the reports of a vulnerability in its iOS operating system, saying the attack affected fewer than a dozen websites that focus on content related to the Uighur community.

Google researchers found that a set of websites hacked in February were being used to attack iPhones, infecting them with malware.

The iPhone malware implant, which has not been given a name, was able to escape the iOS sandbox and run as root, which meant it has bypassed the security mechanisms of iOS and has the highest level of privileges.

It was capable of stealing:

  • All keychains,
  • Photos,
  • SMS and email messages,
  • Contacts, notes, and recordings,
  • It can retrieve the full call history and is capable of doing real-time monitoring of the device location.
  • It also includes the capability to obtain the unencrypted chat transcripts from a number of major end-to-end encrypted messaging clients, including Messages, Whatsapp, and Telegram.
    • This means that if you’re infected, all your encrypted messages are not only collected by the attacker, but they’re transferred in clear-text across the Internet.

Apple says its heard from customers who were concerned by some of the claims and wanted to clarify the extent of the vulnerability.

The sophisticated attack was narrowly focused, not a broad-based exploit of iPhones “en masse” as described.

“Regardless of the scale of the attack, we take the safety and security of all users extremely seriously,” it said in the statement.

“Google’s post, issued six months after iOS patches were released, creates the false impression of “mass exploitation” to “monitor the private activities of entire populations in real-time,” stoking fear among all iPhone users that their devices had been compromised.”

The statement goes on to say that this was never the case.

Second, all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not “two years” as Google implies.

Apple says it fixed the vulnerabilities in question in February — working to resolve the issue 10 days after it learned about it.

“When Google approached us, we were already in the process of fixing the exploited bugs.”

“Our product security teams around the world are constantly iterating to introduce new protections and patch vulnerabilities as soon as they’re found.”

The malware implant has been patched, but iPhone users should ensure they’re running on the latest version of iOS (12.4.1) to leverage the security patches.

Story image
11 Nov
PwC report: Nextgens will lead family businesses into the digital age
Family businesses should look to next generation (nextgen) leaders if their company is to thrive in the digital age, but that can only happen with greater support and trust by those currently in charge.More
Story image
06 Nov
Game review: Hideo Kojima presents Death Stranding
Death Stranding is a fun and unique game if you want to play something new and different. If you want all-out action, you may want to go out and play something else instead. It’s best to research the game as much as you can before you decide to buy it though.More
Story image
15 Nov
Hands-on review: Apple AirPods Pro
When considering the sound quality and vast list of features, the Apple AirPods Pro are worthy of both the higher price tag and the “Pro” title.More
Story image
08 Nov
Netflix to release The Witcher on December 20
In just eight days, Netflix’s latest trailer for The Witcher has gained more than 11.4 million views on YouTube, and it also hit (at least) #20 on the YouTube trending list.More
Story image
14 Nov
Hands-on review: OPPO ENCO Q1 Wireless Noise Cancelling Headphones
The tone and clarity is brilliant. I’m just waiting to see how they cope with Barry Gibb’s falsetto. The melody and lyrics are clear with rich tones. Oh no! I can feel my feet tapping and my arms want to disco! Help! More
Story image
24 Oct
Hands-on review: One month with the Apple iPhone 11
This year, Apple released three iPhones into the market: The iPhone 11, 11 Pro and 11 Pro Max. While everyone was taken by the Pro line, I believe this year’s magic was all in the humble iPhone 11.More