Websites secretly hack into iPhones – reports Google

Security researchers at Google discovered a few websites that can discreetly hack into the visitor’s iPhone and exploit a set of software flaws.

According to Google’s Project Zero team, malicious websites have been visited a thousand times per week by innocent users. In an official blog post, Ian Beer claimed that simply visiting the site is enough for the exploitation to occur. Google also claimed that the websites have been hacking iPhones for at least two years.

The researching team found five exploit chains involving 12 separate security flaws. This also included seven flaws that involved Safari – the built-in web browser on iPhones. Through the five separate attack chains, the attackers were able to gain ‘root’ access to the device and modify the full range of features on Apple’s brainchild. In fact, some of the features accessed by the hackers required the highest level of authority – that was often off-limits to the users as well.

Google reports that the vulnerability in iPhones enabled the hackers to steal user’s personal data including their media files, messages, and even saved passwords. The researchers also found that the vulnerabilities affect iOS version 10 to the current iOS 12.

Google discreetly disclosed the issue in February and gave Apple a week to fix the issues and roll out updates for the users. Apple issued a fix for the vulnerability within six days.


However, researchers predict that other hacking companies are still in action and even though Apple devices have a good reputation when it comes to security and privacy matters – the company should become more proactive.

When contacted, a spokesperson at Apple refused to comment on the topic.



Read next: Apple apologizes to users for Spying through Siri

No comments:

Post a Comment