• BurnedDonutHole@lemmy.ml
      link
      fedilink
      English
      arrow-up
      53
      ·
      edit-2
      1 year ago

      Basically they found out that anyone who knows how this work can send you an iMessage with an attachment that won’t show up on your end without the need of your interaction and do whatever they want on your iphone.

      P.S. I’m not smart nor I’m an expert.

    • specseaweed@lemmy.world
      link
      fedilink
      English
      arrow-up
      50
      ·
      edit-2
      1 year ago

      What the other dude said, but the level of sophistication was miles beyond what you typically see from even nation states. The takeaway is you cannot defend yourself from a nation that wants your information.

    • GamingChairModel@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      24
      ·
      1 year ago

      Someone figured out a way that could hijack iMessage through sending a special malicious PDF that took advantage of a flaw in some legacy font rendering code unique to Apple, that even Apple hadn’t used in decades.

      Then, that PDF launched a JavaScript debugger that is built into iPhones, and took advantage of a flaw in that to jump into putting some code into the parts of user memory, that the system doesn’t fully trust.

      Then, that code takes advantage of another flaw to bypass the system’s protections for not fully trusting that code, to secretly launch a web browser and navigate to a secret webpage that runs a much bigger piece of malware.

      That malware can read and modify basically anything on the system, and was used to read all sorts of sensitive data: message history, location information, app data, etc.

      Because the whole exploit chain was so advanced and involved so many different previously unknown vulnerabilities, basically the list of possible suspects is very, very short: some kind of nation state with advanced hacking capabilities.