Malicious Websites Have Been Hacking iPhones

1 minute read
| News

Project Zero is a Google security team that finds zero day vulnerabilities in products and services. It routinely finds them in Apple products, and just announced that it found a series of malicious websites taking advantage of zero days found in iOS.

Zero Day

A zero day is a type of security vulnerability that can be found in software. It means that the company that owns the software doesn’t know about it, so they’ve had zero days to fix it. These are among the most valuable vulnerabilities for hackers to sell and exploit.

Google’s Threat Analysis Group (TAG) stumbled upon the websites earlier this year. Simply visiting one with an iPhone was enough for one to get hacked. They found a total of five exploit chains based on 14 vulnerabilities. These targeted iOS 10 up to the latest version of iOS 12.

iOS exploit chains malicious websites hacking iphones

The exploit chains

The malware that got installed was focused on stealing files and uploading live location data. It also had access to the user’s iCloud Keychain, and the databases of several end-to-end encrypted apps, including iMessage, Telegram, and WhatsApp.

The malware wasn’t persistent, meaning it would be erased if you restarted your iPhone. But that’s still enough to cause damage. The team disclosed the vulnerabilities to Apple, which resulted in the release of iOS 12.1.4 in February 2019.

[Google’s Project Zero Finds 6 iOS ‘Interactionless’ Bugs]

[Google Finds Severe macOS Kernel Flaw]

1
Leave a Reply

Please Login to comment
1 Comment threads
0 Thread replies
1 Followers
 
Most reacted comment
Hottest comment thread
1 Comment authors
Lee Dronick Recent comment authors

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
newest oldest most voted
Notify of
Lee Dronick
Member
Lee Dronick

As I was sure would happen some talking head on our local TV news is reporting this as if the problem wasn’t patched.