Google’s Project Zero team just revealed yet another vulnerability in iOS. This time, a chain of five exploits hosted on malicious websites was being used to attack visitors. Just landing on the site was enough for the exploit server to attack vulnerable devices and install a monitoring implant. According to researchers, the implant could steal private data like iMessages, photos and GPS location in real time.
Google’s analysis suggested these malicious websites were visited thousands of times per week. Every version from iOS 10 to iOS 12.1.3 inclusive is still vulnerable to the exploit, which works on iPhone models from the iPhone 5S to the iPhone X inclusive. The discovery was shared with Apple earlier this year and it was patched with the release of 12.1.4 in February.
Need more convincing that iOS isn’t completely secure?
This public disclosure comes after two major iOS vulnerabilities surfaced this month.
First came the iMessage vulnerability, which allows an attacker to read files off an iOS device remotely, without any interaction from the victim. The exploit initiates a dump of the victim’s iMessage database and compromises the iOS sandbox, putting files on the device at risk. Devices can be taken over remotely by sending a text message, which automatically launches an exploit without any user interaction.
Just three weeks later, Apple was in the news again for accidentally reopening a security flaw it had previously patched. This jailbreak vulnerability, which allows iOS devices to be jailbroken with an exploit known as SockPuppet, was originally discovered by a security researcher at Google Project Zero and was patched in May with the release of iOS 12.3 and 12.3.1.
What should I do now?
While there are a significant number of devices that are running exploitable versions of iOS, we have not seen any evidence of this exploit running on devices in our network.
Wandera’s threat intelligence engine MI:RIAM is blocking traffic to the malicious websites that are hosting the exploits. Additionally, Wandera identifies and blocks command and control traffic on devices that may have been exploited so that no sensitive data is obtained by bad actors.
To reduce your risk exposure to this threat, we offer the following recommendations:
- Enterprises – to protect your employees’ local files on their devices, which could potentially contain business-sensitive data as well as personal data, you should urge or require all your iPhone users to update to iOS 12.4.1.
- Wandera customers – log in to RADAR and go to Security > Threat View and click on Outdated OS to understand your risk exposure and manage your response.
- iPhone users – you should make sure you are up to date with iOS 12.4.1 to ensure the security patches are in place.
For more insight speak to a Wandera mobile security expert.