Google’s Project Zero team recently published a new proof of concept video of the iMessage bug that allows them to access the iOS device files.
Google’s Threat Analysis Group discovered a small collection of hacked websites early this year. When an iPhone user visits this hacked website, the web server will attack the device to gain access to the device. If the attack is successful, the attacker will install a monitoring implant on the device. Google discovered five different iPhone exploit chains which operates in a similar way and it affects devices running iOS 10 to the latest iOS 12.
Google Project Zero team yesterday posted a blog post explaining the root causes of the iPhone vulnerabilities and discussed their insights.
The root causes I highlight here are not novel and are often overlooked: we’ll see cases of code which seems to have never worked, code that likely skipped QA or likely had little testing or review before being shipped to users.
You can read the full analysis from the source link below to know the following:
detailed write-ups of all five privilege escalation exploit chains;
a teardown of the implant used, including a demo of the implant running on my own devices, talking to a reverse-engineered command and control server and demonstrating the capabilities of the implant to steal private data like iMessages, photos and GPS location in real-time, and
analysis by fellow team member Samuel Groß on the browser exploits used as initial entry points.