Re: iPhone. We’re all just 1 zero-day away from being compromised.

I wonder what the half-life is of these iOS vulnerabilities, and how it compares to the half-life is similar zero-days on competing platforms.

I also wonder if The Wayback Machine or Google cache somehow logged the exploit code of the infected website(s). Would also be nice if there was a way to search website source code for various strings.

Google blog post didn’t say how they found the infected website(s) using the iOS zero-days. But I’m sitting here thinking, again, that after $127B in annual InfoSec spending, it was an advertising platform that found it... and not a security vendor. Threat intel or otherwise.

While we don’t yet know who the threat-actor is being the iOS watering hole attack, or their motivation, but they know their tools have been discovered and activity made public... what might they be doing right now to protect themselves or their operations?

Step 1. Crawl the Internet searching for infected websites spraying iOS zero-days.
Step 2. Submit to Apple
Step 3. Profit (7-figures)

What are the chances that there are other websites out there, right now, spraying a completely different collection of iOS zero-days? It would have to be non-zero right?

When/if we learn who the threat actors are, the URLs to the infected websites, and who the intended targets may have been... this story could get way crazy.

🤔

I forgot to say that this is stelar work by Google's Threat Analysis Group and an incredible contribution. All the credit in the world to these guys.

@thegrugq @daveaitel possible (or likely) that these exploits where previously used in more highly targeted attacks, and that they then purposely burnt them in a wider attack to cover their tracks? Or something along those lines.