In the summer of 2016, researchers at a digital rights organization and a cybersecurity firm announced they had caught one of the rarest fish in the cybersecurity ocean — an in the wild attack against an iPhone, using unknown vulnerabilities inside Apple’s vaunted operating system. Since then, only a handful of similar attacks have been caught and publicly disclosed. Now, a small startup said it has caught another one. From a report: ZecOps, a company based in San Francisco, announced on Wednesday that a few of its customers were targeted with two zero-day exploits for iOS last year. Apple will patch the vulnerability underlying these attacks on an upcoming release of iOS 13. “We concluded with high confidence that it was exploited in the wild,” Zuk Avraham, the founder of ZecOps, told Motherboard. “One of [the vulnerabilities] we clearly showed that it can be triggered remotely, the other one requires an additional vulnerability to trigger it remotely.”

“These vulnerabilities,” ZecOps researchers wrote in a report they published Wednesday, “are widely exploited in the wild in targeted attacks by an advanced threat operator(s) to target VIPs, executive management across multiple industries, individuals from Fortune 2000 companies, as well as smaller organizations such as MSSPs.” One of the two vulnerabilities, according to Avraham, is what’s known as a remote zero-click. This kind of attack is dangerous because it can be used by an attacker against anyone on the internet, and the target gets infected without any interaction — hence the zero-click definition. Vulnerabilities or exploits called zero-days are bugs in software or hardware that are unknown to their manufacturers and can be used to hack targets. They can be particularly effective attacks because they use flaws that are not patched yet, meaning there’s no code deployed to specifically defend against them.

Read more of this story at Slashdot.

Source: Slashdot – Researchers Say They Caught an iPhone Zero-Day Hack in the Wild