Skip to main content

Hackers used compromised websites to infect iOS and other operating systems

Despite all the efforts companies make to improve the security of their devices, there’s always someone working to find new vulnerabilities. This time, a group of advanced hackers managed to infect devices running iOS, Android, and Windows through compromised websites.

As reported by ArsTechnica, Attackers have been using malicious websites to gain access to sensitive parts of the operating system due to the found security breaches. Members of Project Zero, which is a team at Google that looks for security exploits on different platforms, said that these hackers found 11 zero-day vulnerabilities.

The attacks using such breaches started in February 2020 and went on until October 2020. Malicious code was injected into the webpage via an iframe that pointed to exploited servers. Researchers point out that one of the servers was focused on attacking iOS and Windows users, while the other responded to Android devices.

In October 2020, we discovered that the actor from the February 2020 campaign came back with the next iteration of their campaign: a couple dozen websites redirecting to an exploit server. Once our analysis began, we discovered links to a second exploit server on the same website. After initial fingerprinting (appearing to be based on the origin of the IP address and the user-agent), an iframe was injected into the website pointing to one of the two exploit servers.

For those unfamiliar with the term, a zero-day exploit is basically a newly discovered vulnerability that the fix is still unknown to the developers. The report mentions that the hackers had advanced knowledge of what they were doing as they were able to bypass the security systems of “well-fortified OSes and apps that were fully patched.”

In another example of how the hackers have experience with zero-day exploits, they were able to quickly reopen the breach after Google updated the Chrome engine with a fix. In other words, even if users were running the latest version of the app or operating system, they would still be susceptible to being infected when accessing a compromised website.

While keeping the software on your devices up to date is still important to avoid security issues, users must beware of opening websites or apps that they don’t highly trust. More details about this exploit can be found on the Project Zero blog.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Filipe Espósito Filipe Espósito

Filipe Espósito is a Brazilian tech Journalist who started covering Apple news on iHelp BR with some exclusive scoops — including the reveal of the new Apple Watch Series 5 models in titanium and ceramic. He joined 9to5Mac to share even more tech news around the world.

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications