Google researchers have detailed a widespread watering-hole attack that installed a backdoor on Apple devices that visited Hong Kong-based media and pro-democracy sites. Since at least late August, attackers have been using flaws in macOS and iOS – including in-the-wild use of what was then a zero-day flaw – to install a backdoor on the Apple devices of users who visited Hong Kong-based media and pro-democracy sites. This isn’t a finely targeted campaign, but it’s a sophisticated one. The watering-hole attack indiscriminately slipped malware onto any iOS or macOS device unfortunate enough to have stumbled across the infected sites, according...