A security researcher at Google’s Project Zero, Ian Beer has found a number of malicious websites which could quietly slip into user’s iPhone by exploiting a set of previously undisclosed software flaws. The websites have thousands of visitors per week. The attack can done simply by the user visiting the hacked website and if it was successful, it will install a monitoring implant on the iPhone. This has been happening in a period of at least two years.
Ian Beer found five distinct exploit chains involving twelve separate security flaws, where seven involving Safari web browser. These five attack chains enable the attacker to gain root access of the device, therefore, enabling them to quietly install malicious apps in the background to spy on the iPhone owner’s activities.
The implants were used to steal user’s photos, messages, track victim’s location and access user’s banking accounts’ passwords saved on the device. These vulnerabilities affect iOS all the way till the current iOS 12 software version. Recently, Apple has increased its bug bounty payout to $1 million for security researchers who can find flaws that can silently target an iPhone and gain root-level privileges without any user interaction.
According to Condition Zebra’s (an International IT security services, training and certification provider) point of view on this issue, we can see that the demand for cyber security skills outstrips the internal supply. As the number of high profile cyber-attacks have risen in recent years, organizations now are more aware of the importance to employ people who understand and can prevent cyber-attacks from occurring. Condition Zebra’s Cyber Security Training are the best first step for you to take into account in developing your cyber-security skills. Our trainings are designed to give you hands on experience in handling cyber security issues with the latest technology update. Check our list of Cyber Security Trainings here and make a decision today to change your career life.