Last week we learned that Apple had patched a series of bugs zero-day in iOS with the iOS 12.1.4 update of February this year. Discovered by Google thanks to its Project Zero team, this weekend we learned a little more about this sophisticated attack. According to TechCrunch, the target was the Chinese Uyghur Muslim minority and the Chinese state could be responsible.
The attack discovered used specific websites that exploited a string of iOS security exploits to infect devices with malware . The sites were only getting a few thousand hits a week, so there is speculation that they were dissident content in China . The sources consulted by TechCrunch indicate that this state, which in recent times has been repressing the religious minority, was most probably behind the attack.
At Apple, Google discovered several zero-day bugs that Apple patched in iOS 12.1.4
Forbes indicates that the attack was not focused exclusively on Apple devices. The malicious websites were also capable of infecting Android and Windows Phone terminals , throwing up more evidence indicating a perpetrator with numerous means.
As these web pages were public, the Google engine indexed them and even showed them in its results infecting people outside the target of the attack. At one point, the FBI intervened and asked Google to remove them to prevent them from spreading.
This type of attack reminds us that we must be alert when we receive messages with links of dubious origin. It also gives us new reasons to have our devices with the latest update available installed.