by 07d046 on 7/11/19, 1:50 AM with 1 comments
by bradknowles on 7/11/19, 3:46 AM
——— There’s a catch though for operators going after iOS users: The implant can only be installed on jailbroken devices; and, an attacker would need physical access to the device in order to jailbreak it. If a device is already jailbroken, remote infection vectors include malicious SMS messages or emails, and WAP push messaging, which can be sent from the FinSpy Agent operator’s terminal.
Also, the latest iPhone/iPad version is compatible with iOS 11 and below, but newer versions of the Apple operating system are not confirmed as susceptible; also, implants for iOS 12 have not been observed.