A very deep dive into iOS Exploit chains found in the wild (Project Zero)

It’s not Linux but is worth a read: Google’s Project Zero blog has a
highly detailed analysis of several iOS exploits and how they were used
to compromise large numbers of devices.

“There’s something thus far which is conspicuous only by its absence: is
any of this encrypted? The short answer is no: they really do POST
everything via HTTP (not HTTPS) and there is no asymmetric (or even
symmetric) encryption applied to the data which is uploaded. Everything
is in the clear. If you’re connected to an unencrypted WiFi network this
information is being broadcast to everyone around you, to your network
operator and any intermediate network hops to the command and control
server.

This means that not only is the end-point of the end-to-end encryption
offered by messaging apps compromised; the attackers then send all the
contents of the end-to-end encrypted messages in plain text over the
network to their server.”

Source: LWN.net – A very deep dive into iOS Exploit chains found in the wild (Project Zero)