SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Apple issues clarification on extent of iOS malware infection
Wed, 11th Sep 2019

Apple has issued a response to reports of a set of vulnerabilities in its iOS operating system, saying the attack affected fewer than a dozen websites that focus on content related to the Uighur community.

Google researchers found that a set of websites, discovered to have been compromised in February, were being used to attack iPhones that visited them, infecting the devices with malware.

The iPhone malware implant, which has not been given a name, escaped the iOS sandbox and ran as root, meaning it bypassed the security mechanisms of iOS and operated with the highest level of privileges on the device.

It was capable of stealing:

  • All keychains,
  • Photos,
  • SMS and email messages,
  • Contacts, notes, and recordings,
  • The full call history, along with real-time monitoring of the device's location,
  • Unencrypted chat transcripts from a number of major end-to-end encrypted messaging clients, including Messages, WhatsApp, and Telegram.
    • Because the implant runs as root, it reads these messages from the apps' local databases after they have already been decrypted on the device; the end-to-end encryption itself is not broken. The practical effect is the same: if you are infected, your encrypted messages are not only collected by the attacker, but also transferred in clear text across the Internet.

Apple says it has heard from customers who were concerned by some of the claims and wanted to clarify the extent of the attack.

According to Apple, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones “en masse” as some reports had described it.

“Regardless of the scale of the attack, we take the safety and security of all users extremely seriously,” it said in the statement.

“Google's post, issued six months after iOS patches were released, creates the false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real-time,’ stoking fear among all iPhone users that their devices had been compromised.

The statement goes on to say that this was never the case.

“Second, all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not ‘two years’ as Google implies.

Apple says it fixed the vulnerabilities in question in February (the fix shipped in iOS 12.1.4), resolving the issue 10 days after it learned about it.

“When Google approached us, we were already in the process of fixing the exploited bugs.

“Our product security teams around the world are constantly iterating to introduce new protections and patch vulnerabilities as soon as they're found.

The exploited vulnerabilities have been patched, and iPhone users should ensure they are running the latest version of iOS (12.4.1 at the time of writing) to benefit from the security fixes. Updating closes the exploited bugs but does not undo anything already exfiltrated: anyone who believes they were affected should treat the contents of the stolen keychains, including saved credentials and session tokens, as compromised and rotate them.