Category: Apple

Top Mac Malware and Security Vulnerabilities

It is commonly believed that Macs are immune to viruses. However, although they are less vulnerable than Windows computers, the reality is that MacBooks, iMacs, and Mac minis are still susceptible to malware and other security vulnerabilities — and there are some worrying ones out there, too.

Below are the top 5 macOS malware programs, security flaws, and vulnerabilities that you need to be aware of!

Silver Sparrow

Disclosed by Red Canary researchers, Silver Sparrow is a unique macOS malware program that was created to target Apple’s new M1 processors.

Silver Sparrow is a PUA (potentially unwanted application) that can serve as a delivery mechanism for malware. Once your device is infected it will contact a server every hour. It is still currently unknown how much of a threat Silver Sparrow truly poses, but in theory, it could act as a catalyst for significant attacks.

Apple quickly released an update to macOS that stopped Silver Sparrow from being able to be installed. Therefore, if you have a fully updated version of macOS, you are safe from Silver Sparrow.

XLoader

It was all but guaranteed that one of the most common pieces of Windows malware would make its way to macOS. Initially reported by Check Point security researchers in July 2021, it was confirmed that a Mac version of the XLoader malware had actually been around for some time.

XLoader is a new variant of the infamous Formbook, a program used to steal login credentials, record keystrokes, and download and execute files.

Once a device is infected with XLoader, it transfers a hidden application bundle containing a copy of itself to the user’s home folder, and what is particularly dangerous about it is the fact that it can run completely undetected by macOS.

XCSSET

Initially reported by Trend Micro in August 2020, XCSSET primarily targets macOS users in Asia. Many experts believe that XCSSET mainly targets Chinese gambling sites and their users.

XCSSET replaces users’ web browser icons with fake versions that launch malware whenever opened. XCSSET can bypass macOS’s privacy protections by hijacking the privileges of legitimate apps, allowing it to take screen captures.

XCSSET seeks to access information via the Safari browser, including login details for various Apple, Google, PayPal, and Yandex services. Other types of information it can collect include notes and messages sent via Skype, Telegram, QQ, and WeChat.

macOS Big Sur IOMobileFrameBuffer

This vulnerability can allow attackers to take over an affected system. It is a critical memory corruption issue found in internal component extensions in macOS. This security flaw allows the installation of malicious applications and enables them to execute commands with system administrator privileges — bypassing macOS’s built-in security measures.

The issue was addressed immediately by Apple, with a fix released in the macOS Big Sur 11.5.1 July 26, 2021 update.

Log4Shell

Log4Shell is a vulnerability in the widely used Java library Apache Log4j — software used by an innumerable number of large companies including Google, Apple, Netflix, Twitter, and many more. It enables attackers to perform remote code execution and gain control over affected servers.

Log4j is an open-source logging tool used by a huge number of websites and apps. Because it is so widely used, the number of services at risk of exploitation is incredibly concerning.

Although macOS is not directly affected by Log4Shell, according to security researchers, the vulnerability has been found to affect Apple’s iCloud platform. Luckily, Apple was quick to patch the vulnerability — releasing a fix shortly after it was discovered.

It was estimated that around 850,000 attacks were attempted within just 72 hours of the initial outbreak. It is not clear if Apple’s iCloud was among the services targeted.

Apache has already released an update fixing the vulnerability, although because of Log4j’s widespread worldwide use, the prospect of all the apps that use it receiving the fix is simply not realistic.

However, even if you use one of the compromised apps, your Mac will not be at risk. When exploited, the bug affects the server running Log4j, not the computer itself. Although in theory the exploit could be used to plant a malicious app on a server that then affects connected machines.

Stay protected at all times

Malware creators will always seek out undiscovered vulnerabilities that they can exploit, and Macs are certainly not immune. Fortunately, security researchers are often exceptionally quick at discovering these vulnerabilities, and fixes are almost always released timely.

However, it is best practice to always use a trusted antivirus app to ensure you are as protected as possible against all types of threats.

Trend Micro’s Antivirus One — the best option for complete peace of mind

Antivirus One can protect your Mac from viruses, malware, and adware, block potential web threats and safeguard against vulnerabilities.

Some key features include:

  • Fast Thorough Scans — Scan your Mac for hidden threats in less than a minute.
  • Web Threat Protection — Avoid online fraud, malicious software embedded in websites, and other threats lurking on the web.
  • Data Privacy Sweeps — Clear personal information out of Safari, Google Chrome, and Mozilla Firefox before it leaks online.

    Source :
    https://news.trendmicro.com/2022/02/21/top-mac-malware-and-security-vulnerabilities/

Why You Need to Care About Data Privacy & 5 Tips for Better Data Security

The privacy of our data has always been important. However, because we’re sharing more of it than ever before, being aware of data privacy and taking the necessary steps to protect it has never been more crucial. In this article, in celebration of Data Privacy Week, we cover why data privacy is so important, what can happen if your data were to fall into the wrong hands, and what you can do to protect your personal data.

Find out if your email address appeared in any data leaks

What is data privacy and why is it important?

Data privacy often refers to the practice of handling sensitive data in line with regulatory requirements. In most developed countries, there are specific data privacy laws in place that regulate how companies can collect, store, and share customer data.

While the EU has a comprehensive data privacy law, the General Data Protection Regulation (GDPR), which covers all different types of data, only three US states currently have similar, all-encompassing data privacy laws (California, Virginia, and Colorado). Instead, the US has many different laws designed to target specific types of data. For example, the Fair Credit Reporting Act (FCRA) protects information in your credit report, and the Family Educational Rights and Privacy Act (FERPA) protects students’ education reports from being freely accessible.

However, because of how much time we spend online nowadays, we’re putting more of our personal data out there for others to see than ever before. As a result, it is not only important to understand how protected your data is when you share it with a company, but also how private it is when you share it online.

How to protect your data privacy

Here are some of our top tips for data privacy protection:

  1. Only give your data to trustworthy companies and websites — Perhaps you’ve come across a new online clothing store or seen an app on the app store that takes your fancy, but you’re unsure if you can trust the company. If you’ve never heard of the company before, it’s best to do some quick research to learn whether or not you can trust it with your data.
  2. Think twice before sharing — With social media being such a big part of our everyday lives, it’s easy to forget that what we post online, stays online forever. Always think twice before sharing something online. Don’t publicly share personal information such as your address, phone number, or social security number.
  3. Take advantage of privacy settings — On every website, app, and game that you use, make sure you’re taking advantage of the built-in privacy settings. By doing so, you’ll ensure that only people you know can view your information.
  4. Use strong passwords and enable 2FA — When you create an online account, you almost always need to share lots of personal data — your full name, email address, and date of birth, for example. Although this data isn’t publicly accessible, if a hacker were to gain access to one of your accounts, they would be able to see all this information. To avoid this happening, make sure to use only strong, tough-to-hack passwords and that all your accounts have two-factor authentication (2FA) enabled.
  5. Use a VPN on public Wi-Fi — Unprotected Wi-Fi networks are notoriously unsecure. Because no password is required to access them, nearby hackers can steal any data transferred over them. To protect yourself, always use a VPN on public Wi-Fi networks.

Data leaks in 2021 — T-Mobile, LinkedIn, Moncler & CoinMarketCap

The truth is, no matter how well a company abides by data privacy laws and how thoroughly it protects its customers’ data, it can never be 100% data leak-proof. In 2021 alone, a shocking number of companies suffered high-profile data leaks, including T-MobileLinkedInMoncler, and CoinMarketCap. Those leaks resulted in hundreds of millions of people having their sensitive personal data leaked, which is used by criminals to commit all sorts of crimes — with the most concerning of them all being identity theft.

According to the Federal Trade Commission, there were over 1 million reports of identity theft in 2021. Below are some of the things the FTC says criminals can do with your data:

  • Get new credit cards in your name.
  • Open a phone, electricity, or gas account in your name.
  • Steal your tax refund.
  • Get medical care under your name (and leave you with a huge bill!).
  • Pretend to be you if they get arrested.

Cybercriminals often put stolen data up for sale on underground forums on the regular internet, as well as the dark web. And as you can imagine, personal information that is particularly valuable to them can fetch a high price. On average, on the dark web, a driver’s license will go for $205, an ID card for $213, and a passport sells for a whopping $684!

How to stay protected from data leaks

You might be thinking that staying protected from data leaks is an impossible task, but the answer is easy: Trend Micro™ ID Security . Available for Android and iOS, Trend Micro™ ID Security can scan the internet and the dark web 24/7 for your personal information. If your data is leaked, the app notifies you immediately so you can take action to avoid people stealing your identity. If your information is out there, you’ll be the first to know!

Here are some of the features offered by Trend Micro™ ID Security :

  • Personal Data Protection Score — See exactly how safe your online personal data is with your customized Protection Score.
  • 24/7 Comprehensive Personal Data Monitoring — ID Security can scan the internet and the dark web for all your personal information including up to 5 email addresses and bank account numbers, 10 credit card numbers, your Social Security number, and lots more.
  • Social Media Account Protection — Strengthen the security of your social media accounts. Be instantly alerted if your Facebook or Twitter account’s data is leaked by cybercriminals.

To learn more about Trend Micro™ ID Security and claim your free 30-day trial, click the button below.Get ID Security

Source :
https://news.trendmicro.com/2022/01/27/why-you-need-to-care-about-data-privacy-5-tips-for-better-data-security/

How to Detect Malware on iPhone — 5 Steps

Have you noticed your iPhone behaving a little strangely recently? Maybe you’ve been bombarded by unusual ads or your battery has been hitting 0% much more quickly than normal. If you’ve got your suspicions that your iPhone has a malware infection, keep on reading to learn how to know for sure!

Step #1 — Check for high data usage

One particularly big sign of a malware infection is if your iPhone is using much more data than normal. Follow the instructions below to check:

  1. Go to either Settings > Cellular or Settings > Mobile Data (depending on which version of iOS you have, it will be different).
  2. You will then be able to check exactly how much data you’ve used in the current period. If it is significantly higher than you’re used to, search through the list of apps and look for any that you don’t recognize or remember installing. If any of them are using up a lot of data, you should strongly consider deleting them because they could be malicious.

Step #2 — Check for battery-hogging apps 

Some forms of malware can run in the background without you even being aware of it, consuming huge amounts of your iPhone’s resources and having a significant impact on how long its battery lasts. As a result, similar to an increase in data usage, a sudden increase in battery usage is another red flag that indicates that your iPhone may have a problem. Here’s how you can check:

  1. Navigate to Settings and select Battery.
  2. Choose either Last 24 hours or Last 10 Days.
  3. You can now see every app’s battery usage during the selected time period. Just like checking for high data usage, if you see any unusual apps that are using up a lot of battery, you should delete them.

Step #3 — Check for strange apps

Malware comes in many different varieties. While it is true that many consume a lot of battery and data, it is not the case for all malicious apps. Because of this, you also need to simply scan through every app installed on your iPhone and look for ones you don’t recognize.

This step may take a while, especially if you’ve installed lots of them, but scan through all your apps and search for ones that you don’t recognize. Every time you see an unfamiliar one, you should remove it.

Step #4 — Constantly being bothered by pop-ups?

If you’re always being bombarded by ads every time you surf the web on your iPhone, it’s a very strong sign that it has been infected by adware, which is a particular form of malware. Although it is generally considered one of the less dangerous types of malware, it can still be very annoying. If you’re suffering from this issue, but you were unable to find any malicious apps while following the previous steps, you should move on to the next step.

Step #5 — Run a malware scan

If you were unsuccessful in detecting any malware-infected apps while following the instructions in the previous steps and your iPhone is still behaving unusually, you need to run a malware scan — Trend Micro Mobile Security  works perfectly for this!

Trend Micro Mobile Security can protect you against malicious apps, ransomware, dangerous websites, unsafe Wi-Fi networks, and more. Ridding your iPhone of malware simply couldn’t be any easier! Click the button below to download.Get Mobile Security

Some of Trend Micro Mobile Security ’s awesome features include:

  • Surf anywhere —Prevent mobile apps from loading dangerous and risky websites when you browse.
  • Stop threats —Rely on the cloud-based Smart Protection Network™ and Mobile App Reputation technology to stop threats before they can reach you.
  • Avoid online scams and fraud —Flag malicious phishing emails and scam websites.
  • Improve performance — Take advantage of optimization features to make your mobile devices work better.

    Source :
    https://news.trendmicro.com/2022/01/26/how-to-detect-malware-on-iphone-5-steps/

Apple Releases iOS and macOS Updates to Patch Actively Exploited 0-Day Vulnerability

Apple on Wednesday released iOS 15.3 and macOS Monterey 12.2 with a fix for the privacy-defeating bug in Safari, as well as to contain a zero-day flaw, which it said has been exploited in the wild to break into its devices.

Tracked as CVE-2022-22587, the vulnerability relates to a memory corruption issue in the IOMobileFrameBuffer component that could be abused by a malicious application to execute arbitrary code with kernel privileges.

The iPhone maker said it’s “aware of a report that this issue may have been actively exploited,” adding it addressed the issue with improved input validation. It did not reveal the nature of the attacks, how widespread they are, or the identities of the threat actors exploiting them.

An anonymous researcher along with Meysam Firouzi and Siddharth Aeri have been credited with discovering and reporting the flaw.

CVE-2022-22587 is the third zero-day vulnerability discovered in IOMobileFrameBuffer in a span of six months after CVE-2021-30807 and CVE-2021-30883. In December 2021, Apple resolved four additional weaknesses in the kernel extension that’s used to manage the screen framebuffer.

Also fixed by the tech giant is a recently disclosed vulnerability in Safari that stemmed from a faulty implementation of the IndexedDB API (CVE-2022-22594), which could be abused by a malicious website to track users’ online activity in the web browser and even reveal their identity.

Other flaws of note include —

  • CVE-2022-22584 – A memory corruption issue in ColorSync that may lead to arbitrary code execution when processing a malicious crafted file
  • CVE-2022-22578 – A logic issue in Crash Reporter that could allow a malicious application to gain root privileges
  • CVE-2022-22585 – A path validation issue in iCloud that could be exploited by a rogue application to access a user’s files
  • CVE-2022-22591 – A memory corruption issue in Intel Graphics Driver that could be abused by a malicious application to execute arbitrary code with kernel privileges
  • CVE-2022-22593 – A buffer overflow issue in Kernel that could be abused by a malicious application to execute arbitrary code with kernel privileges
  • CVE-2022-22590 – A use-after-free issue in WebKit that may lead to arbitrary code execution when processing maliciously crafted web content

The updates are available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, iPod touch (7th generation), and macOS devices running Big SurCatalina, and Monterey.

Source :
https://thehackernews.com/2022/01/apple-releases-ios-and-ipados-updates.html

First Malware Designed for Apple M1 Chip Discovered in the Wild

One of the first malware samples tailored to run natively on Apple’s M1 chips has been discovered, suggesting a new development that indicates that bad actors have begun adapting malicious software to target the company’s latest generation of Macs powered by its own processors.

While the transition to Apple silicon has necessitated developers to build new versions of their apps to ensure better performance and compatibility, malware authors are now undertaking similar steps to build malware that are capable of executing natively on Apple’s new M1 systems, according to macOS Security researcher Patrick Wardle.

Wardle detailed a Safari adware extension called GoSearch22 that was originally written to run on Intel x86 chips but has since been ported to run on ARM-based M1 chips. The rogue extension, which is a variant of the Pirrit advertising malware, was first seen in the wild on November 23, 2020, according to a sample uploaded to VirusTotal on December 27.

“Today we confirmed that malicious adversaries are indeed crafting multi-architecture applications, so that their code will natively run on M1 systems,” said Wardle in a write-up published yesterday. “The malicious GoSearch22 application may be the first example of such natively M1 compatible code.”

While M1 Macs can run x86 software with the help of a dynamic binary translator called Rosetta, the benefits of native support mean not only efficiency improvements but also the increased likelihood of staying under the radar without attracting any unwanted attention.

mac0s-malware

First documented in 2016, Pirrit is a persistent Mac adware family notorious for pushing intrusive and deceptive advertisements to users that, when clicked, downloads and installs unwanted apps that come with information gathering features.

For its part, the heavily obfuscated GoSearch22 adware disguises itself as a legitimate Safari browser extension when in fact, it collects browsing data and serves a large number of ads such as banners and popups, including some that link to dubious websites to distribute additional malware.

Wardle said the extension was signed with an Apple Developer ID “hongsheng_yan” in November to further conceal its malicious content, but it has since been revoked, meaning the application will no longer run on macOS unless attackers re-sign it with another certificate.

Although the development highlights how malware continues to evolve in direct response to both hardware changes, Wardle warned that “(static) analysis tools or antivirus engines may struggle with arm64 binaries,” with detections from industry-leading security software dropping by 15% when compared to the Intel x86_64 version.

GoSearch22’s malware capabilities may not be entirely new or dangerous, but that’s beside the point. If anything, the emergence of new M1-compatible malware signals this is just a start, and more variants are likely to crop up in the future.

Source :
https://thehackernews.com/2021/02/first-malware-designed-for-apple-m1.html

What is Cybersecurity?

What is cybersecurity?

Cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information. It seems that everything relies on computers and the internet now—communication (e.g., email, smartphones, tablets), entertainment (e.g., interactive video games, social media, apps ), transportation (e.g., navigation systems), shopping (e.g., online shopping, credit cards), medicine (e.g., medical equipment, medical records), and the list goes on. How much of your daily life relies on technology? How much of your personal information is stored either on your own computer, smartphone, tablet or on someone else’s system?

What are the risks to having poor cybersecurity?

There are many risks, some more serious than others. Among these dangers are malware erasing your entire system, an attacker breaking into your system and altering files, an attacker using your computer to attack others, or an attacker stealing your credit card information and making unauthorized purchases. There is no guarantee that even with the best precautions some of these things won’t happen to you, but there are steps you can take to minimize the chances.

What can you do to improve your cybersecurity?

The first step in protecting yourself is to recognize the risks. Familiarize yourself with the following terms to better understand the risks:

  1. Hacker, attacker, or intruder – These terms are applied to the people who seek to exploit weaknesses in software and computer systems for their own gain. Although their intentions are sometimes benign and motivated by curiosity, their actions are typically in violation of the intended use of the systems they are exploiting. The results can range from mere mischief (creating a virus with no intentionally negative impact) to malicious activity (stealing or altering information).
  2. Malicious code – Malicious code (also called malware) is unwanted files or programs that can cause harm to a computer or compromise data stored on a computer. Various classifications of malicious code include viruses, worms, and Trojan horses. (See Protecting Against Malicious Code for more information.) Malicious code may have the following characteristics:
    • It might require you to actually do something before it infects your computer. This action could be opening an email attachment or going to a particular webpage.
    • Some forms of malware propagate without user intervention and typically start by exploiting a software vulnerability. Once the victim computer has been infected, the malware will attempt to find and infect other computers. This malware can also propagate via email, websites, or network-based software.
    • Some malware claims to be one thing, while in fact doing something different behind the scenes. For example, a program that claims it will speed up your computer may actually be sending confidential information to a remote intruder.
       
  3. Vulnerabilities – Vulnerabilities are flaws in software, firmware, or hardware that can be exploited by an attacker to perform unauthorized actions in a system. They can be caused by software programming errors. Attackers take advantage of these errors to infect computers with malware or perform other malicious activity.

To minimize the risks of cyberattacks, follow basic cybersecurity best practices:

  1. Keep software up to date. Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it. (see Understanding Patches and Software Updates for more information.)
  2. Run up-to-date antivirus software. A reputable antivirus software application is an important protective measure against known malicious threats. It can automatically detect, quarantine, and remove various types of malware. Be sure to enable automatic virus definition updates to ensure maximum protection against the latest threats. Note: Because detection relies on signatures—known patterns that can identify code as malware—even the best antivirus will not provide adequate protections against new and advanced threats, such as zero-day exploits and polymorphic viruses.
  3. Use strong passwords. Select passwords that will be difficult for attackers to guess, and use different passwords for different programs and devices. It is best to use long, strong passphrases or passwords that consist of at least 16 characters. (See Choosing and Protecting Passwords.)
  4. Change default usernames and passwords. Default usernames and passwords are readily available to malicious actors. Change default passwords, as soon as possible, to a sufficiently strong and unique password.
  5. Implement multi-factor authentication (MFA). Authentication is a process used to validate a user’s identity. Attackers commonly exploit weak authentication processes. MFA uses at least two identity components to authenticate a user’s identity, minimizing the risk of a cyberattacker gaining access to an account if they know the username and password. (See Supplementing Passwords.)
  6. Install a firewall. Firewalls may be able to prevent some types of attack vectors by blocking malicious traffic before it can enter a computer system, and by restricting unnecessary outbound communications. Some device operating systems include a firewall. Enable and properly configure the firewall as specified in the device or system owner’s manual. (See Understanding Firewalls for Home and Small Office Use.)
  7. Be suspicious of unexpected emails. Phishing emails are currently one of the most prevalent risks to the average user. The goal of a phishing email is to gain information about you, steal money from you, or install malware on your device. Be suspicious of all unexpected emails. (See Avoiding Social Engineering and Phishing Attacks.)

Refer to cybersecurity Tips and Cyber Essentials for more information from the Cybersecurity and Infrastructure Security Agency (CISA) on how to improve your cybersecurity posture and protect yourself and from cyberattacks.

Authors

CISA

Source :
https://us-cert.cisa.gov/ncas/tips/ST04-001

Zero-Day Warning: It’s Possible to Hack iPhones Just by Sending Emails

Watch out Apple users!

The default mailing app pre-installed on millions of iPhones and iPads has been found vulnerable to two critical flaws that attackers are exploiting in the wild, at least, from the last two years to spy on high-profile victims.

The flaws could eventually let remote hackers secretly take complete control over Apple devices just by sending an email to any targeted individual with his email account logged-in to the vulnerable app.

According to cybersecurity researchers at ZecOps, the bugs in question are remote code execution flaws that reside in the MIME library of Apple's mail app—first, due to an out-of-bounds write bug and second, is a heap overflow issue.

Though both flaws get triggered while processing the content of an email, the second flaw is more dangerous because it can be exploited with 'zero-click,' where no interaction is required from the targeted recipients.

8-Years-Old Apple Zero-Days Exploited in the Wild

According to the researchers, both flaws existed in various models of iPhone and iPad for the last 8 years since the release of iOS 6 and, unfortunately, also affect the current iOS 13.4.1 with no patch yet update available for the regular versions.

What's more worrisome is that multiple groups of attackers are already exploiting these flaws—for at least 2 years as zero-days in the wild—to target individuals from various industries and organizations, MSSPs from Saudi Arabia and Israel, and journalists in Europe.

"With very limited data, we were able to see that at least six organizations were impacted by this vulnerability – and the full scope of abuse of this vulnerability is enormous," the researchers said.

"While ZecOps refrain from attributing these attacks to a specific threat actor, we are aware that at least one 'hackers-for-hire' organization is selling exploits using vulnerabilities that leverage email addresses as the main identifier."

iphone hacking zero-day exploit

According to the researchers, it could be tough for Apple users to know if they were targeted as part of these cyber-attacks because it turns out that attackers delete the malicious email immediately after gaining remote access to the victims' device.

"Noteworthy, although the data confirms that the exploit emails were received and processed by victims' iOS devices, corresponding emails that should have been received and stored on the mail-server were missing. Therefore, we infer that these emails were deleted intentionally as part of an attack's operational security cleanup measures," the researchers said.

"Besides a temporary slowdown of a mobile mail application, users should not observe any other anomalous behavior."

To be noted, on successful exploitation, the vulnerability runs malicious code in the context of the MobileMail or maild application, allowing attackers "to leak, modify, and delete emails."

However, to remotely take full control over the device, attackers need to chain it together with a separate kernel vulnerability.

Though ZecOps hasn't mentioned any detail on what kind of malware attackers have been using to target users, it did believe that attackers are exploiting the flaws in combination with other kernel issues to successfully spy on their victims.

Beware! No Patch Yet Available

Researchers spotted in-the-wild-attacks and discovered the related flaws almost two months ago and reported it to the Apple security team.

At the time of writing, only the beta 13.4.5 version of iOS, released just last week, contains security patches for both zero-day vulnerabilities.

For millions of iPhone and iPad users, a public software patch will soon be available with the release of the upcoming iOS update.

Meanwhile, Apple users are strongly advised to do not to use their smartphones' built-in mail application; instead, temporarily switch to Outlook or Gmail apps.

In a piece of separate news, we today reported about another in-the-wild iPhone hacking campaign where Chinese hackers have been caught targeting Uyghur Muslims with exploit iOS chains and spyware apps.

 

Source :
https://thehackernews.com/2020/04/zero-day-warning-its-possible-to-hack.html