Google reveals how an iOS malware campaign works

In early 2019, Google’s Threat Analysis Group (TAG) notified Apple about 14 vulnerabilities affecting iPhone devices running iOS 10 through iOS 12. These vulnerabilities were patched in the out-of-band release of iOS 12.1.4 on 7 Feb 2019.

Visiting a compromised website was enough to get infected: the web server delivered the exploit to the device and a monitoring tool was installed.

After analyzing it, Google has published a series of articles explaining the magnitude and functioning of the 5 different exploit chains used in this malware campaign. These vulnerabilities affected different system software components: seven of them affected the iPhone web browser, five affected the kernel, and two allowed sandbox escapes. The last two were 0-day vulnerabilities (CVE-2019-7287 and CVE-2019-7286).