A very deep dive into iOS Exploit chains found in the wild (Project Zero)
It's not Linux but is worth a read: Google's Project Zero blog has a highly detailed analysis of several iOS exploits and how they were used to compromise large numbers of devices. "There's something thus far which is conspicuous only by its absence: is any of this encrypted? The short answer is no: they really do POST everything via HTTP (not HTTPS) and there is no asymmetric (or even symmetric) encryption applied to the data which is uploaded. Everything is in the clear. If you're connected to an unencrypted WiFi network this information is being broadcast to everyone around you, to your network operator and any intermediate network hops to the command and control server. This means that not only is the end-point of the end-to-end encryption offered by messaging apps compromised; the attackers then send all the contents of the end-to-end encrypted messages in plain text over the network to their server."