About 1 billion users learned “hacked websites” were used to infiltrate iPhones over the past two years.
Since the attack was sophisticated, scaled and targeted along geographic and demographic lines, a nation state-sponsored perpetrator is suspected.
TechCrunch said Saturday (Aug. 31), “sources familiar with the matter said the websites were part of a state-backed attack — likely China — designed to target the Uyghur community in the country’s Xinjiang state.”
The breach comes on the heels of Apple’s confirmation that the iPhone 11 will be launched Sept. 10.
Two researchers, Natalie Silvanovich and Samuel Groß, who work alongside Google’s security initiative Project Zero, found in July that there were some “interactionless” malicious bugs in iOS that allow hackers to take control of an iPhone through iMessage without even making the victim engage with the texts or click a link.
They found a total of six bugs, and if they were sold on the market, they would be worth upwards of $5 million.
The details of the exploits are being kept secret because Apple’s iOS 12.4 patch hasn’t completely fixed the issue. Four out of the six bugs can trigger malicious code on an iOS device, and a user doesn’t even need to do anything. Simply sending the message to the phone will execute the code once a person opens and looks at the message.
Two of the bugs allowed a malicious attacker to leak data from memory and then read files from the device with no user interaction.
“There have been rumors of remote vulnerabilities requiring no user interaction being used to attack the iPhone, but limited information is available about the technical aspects of these attacks on modern devices,” Silvanovich said in an abstract of her talk.