Google exposes the vulnerabilities related to the iPhone that allow malicious websites to steal user data for years

Google's Zero Project released this week an article on a blog about a previous security threat, according to which malicious websites were quietly hacking the victim's iPhone. This small collection of hacked websites has been used for years in so-called "blind" attacks against unsuspecting visitors, but Apple has responded to this threat.

If the attacks were successful, a surveillance implant would be installed on the targeted iPhone, capable of stealing private data, including messages, photos and GPS location, in real time. Google estimated that thousands of visitors visited these websites each week for two years and that iOS versions ranging from iOS 10 to iOS 12 were being exploited.

There was no target discrimination; It was enough to visit the hacked site for the operating server to attack your device and, if successful, install a monitoring implant. We estimate that these sites receive thousands of visitors a week.

TAG has been able to collect five distinct, complete and unique iPhone exploit chains, covering almost all versions, from iOS 10 to the latest version of. iOS 12. This indicated a group making sustained efforts to hack iPhone users from certain communities over a period of at least two years.

Project Zero discovered 14 vulnerabilities in iOS, including seven for Safari, five for the kernel, and two separate sandboxes. The team reported these results to Apple in February, and Apple's iOS version 12.1.4, the same month, resolved these issues.

Google's dive into the iOS exploit can be read on the company's Project Zero blog.