New "Insomnia" exploit works on iOS versions 12.3, 12.3.1, and 12.3.2; was patched in iOS 12.4 last year.
Security firm Volexity said today that it discovered a new iOS exploit that was being used to spy on China's oppressed
Uyghur minority.
The exploit, which Volexity named
Insomnia, works against iOS versions 12.3, 12.3.1, and 12.3.2. Apple patched the iOS vulnerability behind this exploit in July 2019, with the release of iOS version 12.4.
Volexity said the Insomnia exploit was used in the wild between January and March 2020.
The exploit was loaded on the iOS devices of users visiting several Uyghur-themed websites. Once victims accessed the site, the Insomnia exploit was loaded on the device, granting the attacker root access.
Hackers used access to the device to steal plaintext messages from various instant messaging clients, emails, photos, contact lists, and GPS location data.