- Google’s Project Zero blog: A very deep dive into iOS Exploit chains found in the wild
- WIRED: Mysterious iOS Attack Changes Everything We Know About iPhone Hacking
- Motherboard: Google Says Malicious Websites Have Been Quietly Hacking iPhones for Years
- MacRumors: Google Outlines iPhone Vulnerabilities That Let Malicious Websites Steal User Data for Years, Now Fixed
- Schneier on Security: Massive iPhone Hack Targets Uyghurs
The first link breaks down the technical aspects of these malicious websites. The WIRED article goes into more detail designed for technical laity. The MacRumors article doesn’t add too much. But Schneier’s article really rounds things out:
- We used to think that popping an iPhone is Really Hard to Do. This attack says otherwise.
- It appears that these malicious sites are aimed at the Uyghur people being oppressed by the Chinese government.
This is a big deal, and one of the most surprising aspects is that these various 0-day exploits against iOS were, apparently, not auctioned off for millions of dollars as opposed to being used to surveil Uyghur people.