https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html … thanks to @_clem1, @5aelo for their joint work on this. This has been a huge effort to pull apart and document almost every byte of a multi-year in-the-wild exploitation campaign, which used 14 different iOS exploits.
Great work, but one glaring omission: which websites were infected? Since neither you nor @Google are disclosing these details, one is led to speculate that the infected website list would lead suspicions to a state actor in a major market => headaches for Google. Disclose!