Ian Beer
@i41nbeer
30 Aug
googleprojectzero.blogspot.com/2019/08/a-very… thanks to @_clem1, @5aelo for their joint work on this. This has been a huge effort to pull apart and document almost every byte of a multi-year in-the-wild exploitation campaign, which used 14 different iOS exploits.

Ian Beer
@i41nbeer
30 Aug
It covers every vulnerability in detail, including root cause analysis, what steps could have been taken to prevent the bugs, and what steps should be taken to ensure they don’t happen again.

Dan Guido
@dguido
30 Aug
This is really incredible work! Is there a reason you published without identifying the network infrastructure associated with these attacks? Everyone I know is dying to search their web logs right about now.

Frank Bajak
@fbajak
30 Aug
Please follow for DM. I have questions about why you are not naming the targeted population.

Frank Bajak
@fbajak
30 Aug
My DMs are open for anyone who can provide detail on the exploited websites and targeted population.

Miles Veteranus
@MilesVeteranus
30 Aug
But the vulnerabilities didn't change.

Roberto Pezzali
@robypez
30 Aug
Very interesting. But as a journalist I have two questions:
- why now, in perfect time with new iPhone launch invitation
- why no words on the websites that use these techniques? Geo distribution, one sample, etc?

Drago Indjic ака Инђић
@dindjic
30 Aug
A few lessons for #SailfishOS and #auroraos

mitp0sh ( みとぽしゅ )
@mitp0sh
30 Aug
Admitting that I have yet to fully read it, did you get any info in terms of attribution you can disclose? ;)

Radu Manolescu
@radumanolescu
31 Aug
Great work, but one glaring omission: which websites were infected? Since neither you nor @Google are disclosing these details, one is led to speculate that the infected website list would lead suspicions to a state actor in a major market => headaches for Google. Disclose!
Robert7🏴🏴🇩🇰🇺🇸
@Robert789146268
31 Aug
Is it coincidence that @Google (Ian Beer) released an article about iPhones being hacked just days after many news outlets reported Google yanked yet another app from its store b/c it had infected millions of androids with malware? Nope. 1/2
Robert7🏴🏴🇩🇰🇺🇸
@Robert789146268
31 Aug
Is it coincidence that I receive about 2-3 surveys per year on YouGov asking many detailed questions regarding Google Android malware and iPhone security (including questions about news stories)? Nope. Your paranoia is showing Google. How much did they pay you, Ian?