Today, security researchers at Google shattered the common belief that iPhones are not susceptible to hacking. The researchers have revealed that a number of websites had been secretly hacking iPhones for the past two years using indiscriminate watering hole attacks.
In a lengthy blog post, Google Project Zero’s Ian Beer says that the attack involved no target discrimination: simply visiting a malware-ridden website was enough to get your iPhone hacked. Once a user lands on one of the booby-trapped websites, the attacker can implant malicious software on the target’s phone to collect data, images, and contacts.
Researchers say that these websites attracted thousands of visitors per week. The exploits affected iOS versions from iOS 10 through the latest version, iOS 12.
How Did Websites Attempt Hacks On iPhones?
Google researchers identified 14 different security flaws across five exploit chains that were used to exploit iPhones. A majority of these flaws pertained to Safari, five affected the kernel, and two were separate sandbox escapes.
Once the bad actor launches the implant on the target’s iPhone, he can gather information like images, GPS location data, and contacts and transfer it to an external server every 60 seconds. The exploit also put users’ passwords stored on the device at risk.
Apple’s Response To Google’s Disclosure
The post says that the researchers disclosed the vulnerabilities to Apple on 1 Feb 2019 with a 7-day deadline, and the Cupertino giant released a fix on 7 Feb 2019 in the form of iOS 12.1.4.
If you have not updated your iOS device yet, update it right now to protect yourself against the vulnerabilities.
You can read the Google researchers’ complete report here.