An iOS 12 exploit has reportedly reemerged and is being used by a group of hackers in China known as “Evil Eye.” The latest exploit, Insomnia, gives attackers root access to iPhones running iOS 12.3 to 12.3.2.
Details have been shared about a reemergence of an iOS flaw that allows what are believed to be China-sponsored hackers to monitor iPhones of the country’s Uyghur Muslim minority (via ZDNet). Notably, users with an iPhone 6 or earlier would be stuck on iOS 12 and may not update software regularly, thus remaining vulnerable.
Volexity found the latest exploit, named “Insomnia,” which affects iOS 12.3 through 12.3.2. Apple patched the flaw with iOS 12.4 last summer; however, the Evil Eye group was able to continue monitoring compromised iPhones as recently as January through March of this year because some users remain on outdated software releases.
Here’s how Insomnia works:
The exploit was loaded on the iOS devices of users visiting several Uyghur-themed websites. Once victims accessed the site, the Insomnia exploit was loaded on the device, granting the attacker root access.
Hackers used access to the device to steal plaintext messages from various instant messaging clients, emails, photos, contact lists, and GPS location data.
The latest Insomnia exploit that popped up this year is based on the flaws previously discovered by Google’s Project Zero. Volexity found “six different hostnames” used in the attacks seen so far this year.
The Evil Eye actor set up IRONSQUIRREL code to be loaded in a variety of different ways through malicious iframes across the various compromised websites. Volexity observed a total of six different hostnames being used to launch attacks between January and March 2020.
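For defenders who want to know which iPhones and iPads reaching their own services still report a version in the range named above (iOS 12.3 through 12.3.2), the following is an added example, not code from Volexity, ZDNet or this article. It assumes a hypothetical log layout of `client id<TAB>User-Agent`, and the sample lines are constructed.

```python
import re

# Range stated in the article: iOS 12.3 through 12.3.2 (fixed in iOS 12.4).
AFFECTED_MIN = (12, 3, 0)
AFFECTED_MAX = (12, 3, 2)

# iPhone/iPod: "CPU iPhone OS 12_3_1 like Mac OS X"; iPad: "CPU OS 12_3_1 like Mac OS X".
# The third component is omitted for x.y releases ("12_3").
IOS_UA = re.compile(r"CPU (?:iPhone )?OS (\d+)_(\d+)(?:_(\d+))? like Mac OS X")

def ios_version(user_agent):
    """Return (major, minor, patch) parsed from an iOS User-Agent, or None."""
    m = IOS_UA.search(user_agent)
    if m is None:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))

def is_affected(user_agent):
    """True when the reported iOS version lies in the article's affected range."""
    v = ios_version(user_agent)
    return v is not None and AFFECTED_MIN <= v <= AFFECTED_MAX

def affected_clients(log_lines):
    """Map client id -> reported iOS version tuple for clients in the affected range."""
    hits = {}
    for line in log_lines:
        client, _, ua = line.partition("\t")
        if is_affected(ua):
            hits[client] = ios_version(ua)
    return hits

# Constructed sample input in the assumed "<client id>\t<User-Agent>" layout.
SAMPLE_LOG = [
    "dev-01\tMozilla/5.0 (iPhone; CPU iPhone OS 12_3_1 like Mac OS X) AppleWebKit/605.1.15",
    "dev-02\tMozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) AppleWebKit/605.1.15",
    "dev-03\tMozilla/5.0 (iPad; CPU OS 12_3 like Mac OS X) AppleWebKit/605.1.15",
    "dev-04\tMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
    "dev-05\tMozilla/5.0 (iPhone; CPU iPhone OS 13_3_1 like Mac OS X) AppleWebKit/605.1.15",
]

if __name__ == "__main__":
    for client, version in sorted(affected_clients(SAMPLE_LOG).items()):
        label = ".".join(map(str, version))
        print(f"{client}: reports iOS {label}, in the affected range; update to 12.4 or later")
```

The User-Agent header is supplied by the client, so treat the result as a triage list and confirm versions against device management inventory where one exists.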
You can learn the fine details about how the Insomnia attack works here.