Google uncovers a set of websites which were installing malwares into the iPhones. The websites had malwares targeting only iPhones users. According to their report these websites were visited more than a thousand times till now. They were active for pretty long time now.
Yes its true, a terrifying report from the Google researchers confirms that your iPhones may be hacked by visiting innocent-looking websites. The cyber security researchers from Google’s Project Zero has uncovered a set of websites that were secretly hacking iPhones for years now.
iPhone users don’t have to do anything to get hacked. Their iPhones get hacked by merely visiting these websites. Another bad news is that these websites have thousands of visitors every week and none of the users has any idea that they were getting hacked.
The researchers stated that the attack has been carried out by a set of websites that targeted only iPhone users landing them in these pages without any discrimination. The attackers could even install a monitoring plant into the user’s phones and easily access their devices.
Apple has no idea about this attack existence in the first place let alone about the fact that it has been taking place for years now. This is called a Zero-day attack as the company has no idea about this attack which made it easier for the attackers to exploit the iPhones.
The trump card with the Zero-day attacks over normal attacks is that the company won’t have any knowledge of the existence of the malware which makes it a difficult fix.
Typically, it’s not easy to hack the iPhone devices. Hence the iPhone exploits are very expensive. The vulnerabilities in the iPhone’s OS, kernel, browser, and sandbox help malicious code to keep running.
According to BEER, Google has collected 5 iPhone devices from different chains and has found 14 vulnerabilities in these 5 devices of which 7 were in the safari browser,5 in the iOS kernel and 2 separate sandbox escape issues exploiting iOS 10 to iOS12. Two of these 14 vulnerabilities found in these chains were Zero-day and unpatched at the time of discovered. Surprisingly this campaign remained undetected for almost two years.
Though Apple has already patched most of the vulnerability exploits by uncovered iPhone exploits. we recommend you to always keep your devices up to date to avoid being the victims of such exploits.