iOS vulnerability exploited to spy on Uyghurs in China

By Mike Peterson
Tuesday, April 21, 2020, 02:17 pm PT (05:17 pm ET)

In July 2019, Apple patched a handful of security vulnerabilities in its mobile operating system with the iOS 12.4 update, including several flaws in WebKit. But researchers at Volexity said that at least one of those flaws was actively exploited in the wild in 2020.

The exploit, which Volexity has dubbed "Insomnia," was loaded onto user devices after they visited websites themed around China's Uyghur minority. Attackers then used the exploit, which granted them root access to user devices, to steal plaintext messages from various messaging clients, emails, photos, contact lists and GPS location data.

Reportedly, the Insomnia exploit was used in the wild between January and March 2020.

Volexity said the exploit was deployed by a hacking group they've called Evil Eye, which they believe to be a state-sponsored outfit operating on behalf of China to spy on the Uyghur minority.