Google’s Project Zero
Project Zero is the name for Google’s group of security researchers entrusted with finding and detailing zero-day vulnerabilities in working frameworks, websites, and applications.
Zero-day as in they’ve not recently been revealed and, along these lines, haven’t been fixed.
On Thursday, August 29, 2019, Project Zero blogged a “profound jump” into simply that — a chain of 0-day vulnerabilities that they said were being utilized by a little gathering of hacked websites as an aimless watering opening assault against iPhone clients.
Along these lines, a week ago’s blog entry wasn’t about exposure anymore. It was about a profound jump. What’s more, it was legit astonishing. Project Zero really expounded on the exploit chains found in nature.
The iPhone is less secure than we believe. Project Zero, a Google team that deals with cybersecurity, has discovered that for at least two years Apple’s devices with an iOS operating system between 10 and 12 have been attacked and that this has allowed some hackers to monitor the users’ real-time position is to have access to everything inside their smartphone : photos, messages, files and even passwords. According to Motherboard, it could be the biggest attack on iPhones ever.
The discovery dates back to the beginning of the year and was only recently revealed to the general public. However, the researchers immediately informed Apple that it had solved the problem within five days.
The Verge writes seven. Tech Crunch points out that normally researchers have 90 days to solve the problem. The speed at which a solution was found in this case, according to the site, is a sign of how serious what was happening was.
The methods of the attack
Project Zero researchers found that the attack began when iPhone owners connected to some sites and not when they clicked on a specific link as in the past. It is not known what these sites are.
The researchers of the project zero said only that they were visited by thousands of users every week.
As soon as someone connected, a malware automatically installed itself in the device and gave hackers root-level access that allowed them to indiscriminately search the device.
Hackers allegedly exploited five exploit chains and 14 types of flaws. The high number of vulnerabilities, the fact that each time a different one was affected and that they were unknown to the company, would have made the attacks particularly effective.
The good news is that aggression, at least in some cases, could have lasted little. The researchers of google’s zero-project team found that to get rid of the malware it was enough to restart the device (and no longer access that particular site).
The situation is different in case of password theft. ” Hackers may have continued to maintain continuous access to various accounts and services using authentication tokens … even after they lost access to the device, “.
If you want to be safe, you can change your passwords and update your iPhone to the latest version (12.1.4).