|
@i41nbeer | |||||
|
googleprojectzero.blogspot.com/2019/08/a-very… thanks to @_clem1, @5aelo for their joint work on this. This has been a huge effort to pull apart and document almost every byte of a multi-year in-the-wild exploitation campaign, which used 14 different iOS exploits.
|
||||||
|
||||||
|
Ian Beer
@i41nbeer
|
30. kol |
|
It covers every vulnerability in detail, including root cause analysis, what steps could have been taken to prevent the bugs, and what steps should be taken to ensure they don’t happen again.
|
||
|
|
||
|
Ian Beer
@i41nbeer
|
30. kol |
|
We’ll look at how the attackers modify their exploitation techniques over time to defeat new mitigations, and investigate the capabilities of the attacker’s implant to access personal information on the exploited devices.
|
||
|
|
||
|
Bryan
@bry_campbell
|
30. kol |
|
@i4nbeer Will you be sharing any of the watering hole sites or *any* IOC's? i don't see any in the extensive blog posts. Thanks
|
||
|
|
||
|
Paul Brears
@PaulBrears
|
30. kol |
|
Would be very interested in the IP it was contacting. I would like to find out if any of our users where infected. As that must be decommissioned now I can’t see the harm in releasing the IP for people to check logs?
|
||
|
|
||
|
/
@xis0p
|
30. kol |
|
The exploiter god is back 🔥
|
||
|
|
||
|
LO7
@Lo7S2
|
30. kol |
|
|
||
|
|
||
|
:: jake
@j2k4_
|
30. kol |
|
Highly suggest you skim the docs if it's of interest. Looks like GPS, messaging, photos are included.
|
||
|
|
||
|
🏳️🌈Matt.🏳️🌈💙
@MattStar45
|
30. kol |
|
Wow, very scary yet informative write up. This gives me the chills that any site can do this. Thanks for coming out with these writeups
|
||
|
|
||
|
ⓚⓐⓛⓛⓘⓝ
@k4ll1n
|
30. kol |
|
@dekeneas is a top of the chain that can detect with a high accuracy the waterhole attacks
|
||
|
|
||
|
Dekeneas
@dekeneas
|
30. kol |
|
Google TAG uses similar technology. Great work!
|
||
|
|
||