Google’s Project Zero team discovers critical security flaws in iPhones

Google researchers say these malicious websites may have accessed personal files, messages, and real time location data of iPhone users.

By: INDO ASIAN NEWS SERVICE
| Updated on: Aug 20 2022, 16:40 IST
Malicious websites put iPhones users at hacking risk: Google
Malicious websites put iPhones users at hacking risk: Google (Bloomberg)

In one of the biggest attacks against iPhone users, Google security researchers have discovered several hacked websites that used security flaws in iPhones to attack users who visited these websites.

In a blog post, researchers working in Google's Project Zero team said that after they reported their findings to Apple, the Cupertino-based tech giant patched the vulnerabilities.

You may be interested in

MobilesTablets Laptops
Apple iPhone 15 Plus 512GB
  • Black
  • 6 GB RAM
  • 512 GB Storage
7% OFF
Apple iPhone 15 512GB
  • Black
  • 6 GB RAM
  • 512 GB Storage
24% OFF
Google Pixel 128GB
  • Black
  • 4 GB RAM
  • 128 GB Storage
36% OFF
Google Pixel 2 128GB
  • Kinda Blue
  • 4 GB RAM
  • 128 GB Storage

The malicious websites may have compromised personal files, messages, and real time location data of iPhone users.

Also read
Looking for a smartphone? To check mobile finder click here.

"Earlier this year, Google's Threat Analysis Group (TAG) discovered a small collection of hacked websites. The hacked sites were being used in indiscriminate watering hole attacks against their visitors, using iPhone 0-day," said Ian Beer, Project Zero.

There was no target discrimination as simply visiting the hacked site was enough for the exploit server to attack the iPhone, and if it was successful, install a monitoring implant.

"We estimate that these sites receive thousands of visitors per week," said the Google blog post.

ALSO READ: Hackers earned $21 million in last 12 months via bug bounty: HackerOne report

The researchers were able to collect five separate, complete and unique iPhone exploit chains, covering almost every version from iOS 10 through to the latest version of iOS 12.

"This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years," said Beer.

"I will not get into a discussion of whether these exploits cost $1 million, $2 million, or $20 million. I will instead suggest that all of those price tags seem low for the capability to target and monitor the private activities of entire populations in real time," the researcher noted.

The websites delivered their malware indiscriminately and were operational for years, said Google.

Apple was yet to issue a comment on Google's blog post.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 31 Aug, 10:31 IST
NEXT ARTICLE BEGINS