Hackers used 7 zero-days, compromised websites to infiltrate iOS

In what is being called a highly sophisticated attack, a group of hackers leveraged a total of 11 zero-day vulnerabilities and a host of compromised websites to infect fully patched devices running iOS, Windows and Android.

iOSDetailed in a blog post by Google’s Project Zero team, the hacks began in February 2020 and continued for at least eight months, spanning a wide range of techniques, vulnerability types and attack vectors.As reported by ArsTechnica, the first four zero-days targeted Android and Windows machines running Chrome. The hacking team broadened its scope over the following eight months to include seven vulnerabilities that impacted iOS and Safari. Watering-hole sites were used to distribute different exploits tailored to the visiting device and web browser.

Read more…