Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Iphone Security IT

Researchers Say They Caught an iPhone Zero-Day Hack in the Wild (vice.com) 31

In the summer of 2016, researchers at a digital rights organization and a cybersecurity firm announced they had caught one of the rarest fish in the cybersecurity ocean -- an in the wild attack against an iPhone, using unknown vulnerabilities inside Apple's vaunted operating system. Since then, only a handful of similar attacks have been caught and publicly disclosed. Now, a small startup said it has caught another one. From a report: ZecOps, a company based in San Francisco, announced on Wednesday that a few of its customers were targeted with two zero-day exploits for iOS last year. Apple will patch the vulnerability underlying these attacks on an upcoming release of iOS 13. "We concluded with high confidence that it was exploited in the wild," Zuk Avraham, the founder of ZecOps, told Motherboard. "One of [the vulnerabilities] we clearly showed that it can be triggered remotely, the other one requires an additional vulnerability to trigger it remotely."

"These vulnerabilities," ZecOps researchers wrote in a report they published Wednesday, "are widely exploited in the wild in targeted attacks by an advanced threat operator(s) to target VIPs, executive management across multiple industries, individuals from Fortune 2000 companies, as well as smaller organizations such as MSSPs." One of the two vulnerabilities, according to Avraham, is what's known as a remote zero-click. This kind of attack is dangerous because it can be used by an attacker against anyone on the internet, and the target gets infected without any interaction -- hence the zero-click definition. Vulnerabilities or exploits called zero-days are bugs in software or hardware that are unknown to their manufacturers and can be used to hack targets. They can be particularly effective attacks because they use flaws that are not patched yet, meaning there's no code deployed to specifically defend against them.

This discussion has been archived. No new comments can be posted.

Researchers Say They Caught an iPhone Zero-Day Hack in the Wild

Comments Filter:
  • ... "Zero Day" means anything.

    Just because someone thinks they're the first doesn't mean they are.

    It's impossible to know if an exploit has been used.

    "Zero Day" is self congratulatory

    It's a damned bug. Call it what it is !

    • by geekmux ( 1040042 ) on Wednesday April 22, 2020 @11:23AM (#59976470)

      ... "Zero Day" means anything.

      Just because someone thinks they're the first doesn't mean they are.

      It's impossible to know if an exploit has been used.

      "Zero Day" is self congratulatory

      It's a damned bug. Call it what it is !

      For the overly annoyed here, "Zero Day" merely implies that a vulnerability exists and has a 99% chance of being unpatched, which can be rather relevant for those who give a shit and need to mitigate risk through other means.

      TL; DR - Shut the hell up already.

      • by Euler ( 31942 )

        I, too, am one of the overly annoyed. Came here to find this argument. Overly used jargon does have negative consequences. It doesn't communicate what you specifically want it to, shuts the greater audience out of the conversation. And, quite frankly, takes more effort to educate everyone on the terminology, which ends up being endless disagreement anyway. 'Unpatched security flaw' is just as easy to say as "Zero-day hack" and carries a lot less presumptions that may or may not be true. Whether the ve

    • by alvinrod ( 889928 ) on Wednesday April 22, 2020 @11:29AM (#59976488)
      It's still useful to know if it's something that researchers identified six months ago and handed over the company responsible so that they could work on fixing it as opposed to something that's caught everyone off guard. Generally I've found it doesn't matter much. Companies will sit on their hands forever fixing something when even zero days in open source software sometimes get same day patches.

      It's a little funny, but it's almost a microcosm of the whole pandemic going on now. No one will really do shit about it until it's staring them right in the face. It's funny how the months and months a company had to fix something before public disclosure don't often amount to much, but after the announcement is scarcely takes more than a week to address.
      • we've been asking that question for at least the last 10, 15 years...
      • Comment removed (Score:5, Informative)

        by account_deleted ( 4530225 ) on Wednesday April 22, 2020 @01:27PM (#59976942)
        Comment removed based on user account deletion
        • There seems to be a widely held misconception that most companies and developers don't care about security which is patently false. Not everyone is Zoom; these people are the exception, not the norm. Most developers and most companies understand very well that the security of their products not only affects their reputation therefore their bottom line but also has a social impact.

          Especially a Company like Apple, who has built a well-deserved reputation of making privacy and security-from-practical-exploits twin pillars of their design-goals for both their hardware and software.

          Thank you, Parent, for a most erudite and knowledgeable comment injected into what will no doubt devolve into yet-another finger-pointing Platform War...

          • Especially a Company like Apple, who has built a well-deserved reputation of making privacy and security-from-practical-exploits twin pillars of their design-goals for both their hardware and software.

            From where I see it, their security mostly relies on a simultaneously anti-competitive app whitelist model.

    • by Tyrannosaur ( 2485772 ) on Wednesday April 22, 2020 @11:33AM (#59976502)

      A "zero day" means the people who are supposed to fix the bug don't yet know about it. If every script kiddie and his mom knows about the exploit, it's still a zero-day if Apple hasn't released a patch yet.

      https://en.wikipedia.org/wiki/... [wikipedia.org]

    • These vulnerabilities are widely exploited in the wild in targeted attacks by an advanced threat operator(s) to target VIPs, executive management across multiple industries, individuals from Fortune 2000 companies, as well as smaller organizations such as MSSPs.

      Not to mention the President of the United States.

    • by EvilSS ( 557649 )

      It's impossible to know if an exploit has been used.

      Well that's not true. If you spot it in the wild, you know it was used. What you can't know is if an exploit has NOT been used before.

      • It's impossible to know if an exploit has been used.

        Well that's not true. If you spot it in the wild, you know it was used. What you can't know is if an exploit has NOT been used before.

        Actually, if you spot it in the wild, e.g., that someone spots the code on a webserver, in an App, or in intercepted internet traffic, you only really know that there is a potential that it will be successful. Only if you can demonstrate the actual exploit causing whatever modified behavior in a particular unit or units can you say that it was (successfully) "used". Which is the only thing that really "counts".

        There likely are several thousand (or more) potential exploits for any and all platforms floating

    • by epine ( 68316 )

      Just because someone thinks they're the first doesn't mean they are. ... "Zero Day" is self congratulatory.

      You've misread the phrase entirely.

      A "Zero Day" outbreak is a pandemic whose imminent pandemic status is mainly known to some blue-lipped Manchu in Wuhan, after prompt suppression of Li Wenliang.

      Meanwhile, none of the flush and privileged Milanese have fled to their opulent second homes in The Hamptons, because not even the jet set are yet looped into reliable word.

    • > ... "Zero Day" means anything.
      > Just because someone thinks they're the first doesn't mean they are.

      Zero day doesn't have anything to do with first use.
      X-day is the days after the vendor released the patch, which causes the vulnerability to be widely known.

      Each month on patch Tuesday when Microsoft releases fixes for the Windows vulns of the month, everyone can see what was patched, and therefore what the vulnerabilities are in unpatched systems. If you wait 7 days to install the patches, that's se

    • The term "zero-day" originally referred to the number of days since a new piece of software was released to the public, so "zero-day" software was software that had been obtained by hacking into a developer's computer before release. Eventually the term was applied to the vulnerabilities..." - Wikipedia

      The fact that the usage has changed doesn't negate the fact that the current usage is simply incorrect.

      "Eventually the term was applied to the vulnerabilities that allowed this hacking, and to the number of d

    • FFS learn what Zero Day means. It means discovered in the wild before known or patched by the vendor. It has nothing to do with whether you are first to find it.
  • You need to test and contract trace! Wipe out this virus!
  • Zoom got ripped a new one for only a few much lesser security issues.
  • Already Patched (Score:4, Informative)

    by NoMoreACs ( 6161580 ) on Wednesday April 22, 2020 @03:38PM (#59977400)

    This has already been patched. The patch will be released as part of iOS/iPadOS 13.4.5, which is currently undergoing testing.

    And it is not a vulnerability in iOS/iPadOS itself; but rather in Mail.app. So, if you use another Mail app, you're safe.

    https://www.macrumors.com/2020... [macrumors.com]

    • Interesting. When I read the article, I immediately told my iPhone to update, and it did...to 13.4.1. That seems to be several minor versions behind the one you're referring to. Unless it's going to do the 13.4.2 (or whatever the next version is) after it finishes installing 13.4.1?

      • After the update to 13.4.1, my phone tells me it's up to date. So where are versions 13.4.2 through 13.4.4? According to this:
                  https://en.wikipedia.org/wiki/... [wikipedia.org]
        there are no intermediate versions, it jumps directly from 13.4.1 to 13.4.5 (Beta 2). Guess I don't understand Apple's numbering system.

    • Or will Apple be only be fixing for v13.4.5? :(

"How to make a million dollars: First, get a million dollars." -- Steve Martin

Working...