Thediscovery,involving 14 suchvulnerabilities,
wasmadebyGoogleresearchersatProject
Zero,whichhuntsthesecurityflawsin
softwareandmicroprocessorfirmware,
independentoftheirmanufacturer,that
criminals,state-sponsoredhackersand
intelligenceagenciesuse.
“Thisshouldserveasa wake-upcalltofolks,”
saidWillStrafach,a mobilesecurityexpertwith
SudoSecurity.“Anyoneonanyplatformcould
potentiallygetinfectedwithmalware.”
Beersaidhisteamestimatedthattheinfected
websitesusedinthe“indiscriminatewatering
holeattacks”receivethousandsofvisitorsper
week.Hesaidtheteamcollectedfiveseparate
chainsofexploits coveringApple’siOSsystem
asfarbackasversion10,releasedin2016.
Appledidnotrespondtorequestsfor
commentonwhyit didnotdetectthe
vulnerabilitiesonitsownandif it canassure
usersthatsucha generalattackcouldnot
happenagain.Privacyassuranceis centralto
theApplebrand.
NeitherGooglenorBeerrespondedto
questionsabouttheattackersorthetargets,
thoughBeerprovideda hintinhisblogpost:
“Tobetargetedmightmeansimplybeingborn
ina certaingeographicregionorbeingpartof
a certainethnicgroup.”
SecuritymanagerMattLourensatCheckPoint
SoftwareTechnologiescalledthedevelopment
analarminggame-changer.Hesaidthatwhile
iPhoneownerspreviouslycompromisedby
zerodayswerehigh-valuetargets,a more
widespreadseedingofspywareata lowercost
perinfectionhasnowbeenshownpossible.Image: Marcio Jose Sanchez