Since at least late August, sophisticated hackers used flaws in macOS and iOS to install malware on Apple devices that visited Hong Kong–based media and pro-democracy websites. The so-called watering hole attacks cast a wide net, indiscriminately placing a backdoor on any iPhone or Mac unfortunate enough to visit one of the affected pages.
Apple has patched the various bugs that allowed the campaign to unfold. But a report Thursday from Google’s Threat Analysis Group shows how aggressive the hackers were and how broadly their reach extended. It’s yet another case of previously undisclosed vulnerabilities, or zero-days, being exploited in the wild by attackers. Rather than a targeted attack that focuses on high-value targets like journalists and dissidents, though, the suspected state-backed group went for scale.